Belgium Investigates Cyberattack Linked to China

February 28, 2025
Belgium Investigates Alleged Data Breach by Chinese Hackers

An investigation has been launched in Belgium concerning a potential data security incident impacting its state security service, the VSSE. The inquiry centers on alleged actions undertaken by Chinese government-affiliated hackers.

The Belgian federal prosecutor’s office confirmed the opening of a cyberattack investigation in a statement provided to TechCrunch last Friday. This action was initiated in November 2023, following notification of the suspected breach.

Confirmation of Earlier Reports

This confirmation aligns with a prior report published by the Belgian French-language newspaper, Le Soir. The newspaper detailed that a Chinese hacking group successfully gained access to the intelligence service’s external mail server over a period spanning from 2021 to 2023.

The alleged attackers exploited a security weakness in software developed by the U.S.-based cybersecurity company Barracuda. This critical vulnerability, initially revealed by Barracuda in May 2023, affects the firm’s Email Security Gateway (ESG) appliance.

Barracuda’s ESG Appliance and the Vulnerability

The ESG appliance functions as a firewall, designed to filter both incoming and outgoing email traffic for potentially harmful content. Barracuda spokesperson Lesley Sullivan indicated that inquiries regarding any breaches at VSSE should be directed to the VSSE itself.

VSSE did not provide a response to questions submitted by TechCrunch.

Mandiant’s Findings on the Exploited Vulnerability

Security researchers at Mandiant, a U.S. cybersecurity firm, previously found that the vulnerability had been exploited as a zero-day. A China-linked cyber-espionage group used it to target organizations globally.

Mandiant’s analysis indicated that approximately one-third of the targeted organizations were government agencies.

Remediation Efforts and Recommendations

Although a security patch was released to address the vulnerability, Barracuda issued a recommendation in June 2023 urging all affected customers to replace ESG appliances impacted by the flaw.

Furthermore, customers were advised to update any credentials associated with the appliances and to actively monitor for potential compromise indicators dating back to October 2022.

Impact of the Breach on VSSE

According to Le Soir, the China-backed hackers successfully exfiltrated approximately 10% of the Belgian intelligence service’s email communications – both incoming and outgoing. While classified information remained unaffected, the personal data of nearly half of VSSE’s employees was compromised.

This compromised data included identity documents, résumés, and internal correspondence.

VSSE’s Response and Discontinuation of Barracuda Products

Following the cyberattack, which was initially reported by local news outlets in July 2023, VSSE reportedly stopped using Barracuda’s products.

Zack Whittaker contributed to this report.
