The Belgian federal prosecutor’s office is currently investigating a significant data breach at the State Security Service (VSSE), with suspicions pointing towards Chinese state-backed hackers. The breach, which occurred between 2021 and May 2023, involved unauthorized access to the VSSE’s external email server, compromising around 10% of all emails exchanged by the agency’s staff.
Key Points of the Breach
- Vulnerability Exploited: The hackers exploited a zero-day vulnerability in Barracuda’s Email Security Gateway (ESG) appliance, which was used by the VSSE for email security.
- Data Compromised: The breach primarily affected emails exchanged with external entities like public prosecutors, government ministries, and law enforcement. Additionally, internal HR communications were compromised, potentially exposing sensitive personal data such as identity documents and CVs of nearly half of the VSSE’s staff and past applicants.
- Impact and Response: The VSSE stopped using Barracuda’s services following the breach and advised affected staff to renew their identification documents to mitigate identity fraud risks. Despite the breach, there is no evidence of stolen data being sold on the dark web or any ransom demands.
- Ongoing Investigation: The federal prosecutor’s office initiated a judicial investigation in November 2023, but it is too early to draw conclusions. The VSSE remains tight-lipped about the incident, citing its secrecy.
Historical Context
This is not the first instance of Chinese state-backed hackers targeting Belgium. In July 2022, the country’s Minister for Foreign Affairs accused Chinese threat groups (APT27, APT30, APT31, and Gallium) of attacking Belgium’s defense and interior ministries. The Chinese Embassy in Belgium denied these allegations, citing a lack of evidence.