The Belgian federal prosecutor launched an investigation into a suspected Chinese cyberattack on the Belgian State Security Service (VSSE) in November 2023. This follows a report by Le Soir, which disclosed that between 2021 and May 2023, hackers, believed to be linked to Chinese espionage, exploited a breach in an American cybersecurity company’s system. The attack allowed the hackers to access about 10% of VSSE’s emails, though classified information was reportedly not compromised. However, the personal data of nearly half of the VSSE staff, including identity documents and CVs, could have been exposed.
The compromised email server was used for exchanging communications with public prosecutors, law enforcement, and government ministries.
These communications also included internal HR data, raising concerns about the potential exposure of sensitive information about past and current VSSE personnel. While no stolen data has been found on the dark web, Belgian intelligence has been monitoring for any leaks or ransom demands.
Despite these concerns, the VSSE has not publicly commented on the breach and has instead referred to the prosecutor’s statement.
The timing of the attack is especially concerning for the Belgian government, as the VSSE was in the middle of a major recruitment drive, which was complicated by the breach. There were also implications for the country’s cybersecurity strategy, as the VSSE had stopped using Barracuda’s services following the breach.
Barracuda had previously identified vulnerabilities in its Email Security Gateway appliances that were exploited in similar attacks, prompting the company to urge customers to replace compromised appliances.
The breach is believed to have been caused by a zero-day vulnerability in Barracuda’s ESG appliance, with the attack traced to a group known as UNC4841, which has ties to Chinese cyber espionage activities. This group is also linked to other global attacks against government institutions, including U.S. federal agencies. While the Chinese embassy in Belgium has denied involvement, claiming that there is insufficient evidence, the investigation continues as the Belgian authorities work to understand the full extent of the damage.