The Belgian government is investigating what looks to be an attack by Chinese hackers, who breached an external email server used regularly by its federal intelligence service.
The email server appears to have been one that is not used for state secrets, but it is possible that the sensitive personal information of government staff was exposed, because the intelligence service's HR department made use of it. Chinese hackers were blamed due to commonalities with prior attacks on Belgium and other world governments, and the belief that the Barracuda email security software breach was the source of the incursion.
Belgian intelligence service breached in 2023
Though it does not grab the same headlines as other nations, Belgium has attracted significant attention from Chinese hackers since at least 2022. APT groups have been blamed for prior attempts on the interior and defense ministries, and these groups were also known to exploit the Barracuda zero-day vulnerability around this time.
Initial reporting was that the intelligence service (VSSE) was breached in 2021, but it has since issued a statement indicating that its investigation found it was breached by the Chinese hackers in 2023. Barracuda issued a patch for its email security vulnerability in May of that year, and VSSE dropped the company as a provider shortly after.
The group of Chinese hackers thought to be involved is not the infamous Salt Typhoon, which has now been active in over 100 countries but has paid special attention to US communications infrastructure as of late. However, the fact that a more “minor” and “lesser known” group is nevertheless compromising national intelligence services speaks to how much manpower and resources China is putting into compromising rivals around the globe.
Chinese government denies Chinese hackers are responsible
The Belgian intelligence service has yet to make a formal charge against the Chinese hackers, but the Chinese government responded to the media reports with its usual denials and deflections. Initial reports said that the hackers had captured about 10% of the agency’s emails from sometime in 2021 to May 2023, but VSSE has since issued a clarification that it was only compromised during 2023 and that it was more like 5% of the emails.
The incident is nevertheless troubling as the emails captured may have contained discussions between the intelligence service and law enforcement as well as the highest levels of national government. The external email system that was breached was also used by the VSSE’s HR department, and could have passed some sensitive personal information belonging to its staff and job applicants.
The denials from the Chinese government about hacking fall flat in the face of mountains of attribution across the globe, both by many different national governments and many third-party security researchers that specialize in tracking sophisticated and well-resourced APT groups. The incident makes clear that there remains a strong interest in monitoring the communications of other world governments, even at the unclassified level.