The Belgian state security service has suffered a serious data breach due to a cyberattack linked to hackers working for China. This is reported by the Brussels Times, UNN reports.
Details
The attackers exploited a vulnerability in the software of the American company Barracuda and intercepted a significant part of the Belgian intelligence's email correspondence for almost two years. This was the largest data breach in the history of VSSE.
According to the information, hackers gained access to the external mail server of the intelligence service between 2021 and 2023. Although internal classified communications remained untouched, the personal data of hundreds of employees and job candidates may have been compromised. Of particular concern is the fact that the attack took place during the active recruitment of new agents, which increased the amount of information transmitted through the vulnerable server.
VSSE had previously used Barracuda solutions to protect its communications, but in 2023, the company discovered a critical vulnerability in its email firewall. This was exploited by state-sponsored hackers who organized a long-term espionage operation. As a result of the hack, about 10% of all incoming and outgoing VSSE correspondence could be intercepted.
The Belgian security service confirmed the attack, but was unable to determine the exact amount of stolen information. It is known that the allegedly stolen data includes identity documents, resumes and internal communications of employees. At the moment, there is no evidence that this data has appeared on the black market, but VSSE is constantly monitoring the dark web.
The case was referred to the federal prosecutor and Committee R, which oversees the activities of the intelligence services. The investigation is ongoing, but intelligence officials refuse to comment on the details of the case, citing its secrecy. In response to the incident, VSSE has completely stopped using Barracuda cybersecurity solutions and implemented additional data protection measures.