Belgium is investigating an alleged data breach of its state security service (VSSE) by Chinese language authorities hackers.
In an announcement despatched to information.killnetswitch on Friday, the Belgian federal prosecutor’s workplace mentioned an investigation right into a cyberattack was opened in November 2023 after it realized in regards to the alleged breach.
This confirms an earlier report by the French-language Belgian newspaper Le Soir, which reported {that a} Chinese language hacking group gained entry to the exterior mail server of the intelligence service between 2021 and 2023.
The unnamed Chinese language hacking group reportedly exploited a vulnerability in U.S. cybersecurity agency Barracuda’s software program. The critical-rated flaw, which Barracuda first disclosed in Could 2023, impacts the agency’s Electronic mail Safety Gateway (ESG) equipment, a firewall for filtering inbound and outbound emails for doubtlessly malicious content material.
Barracuda spokesperson Lesley Sullivan informed information.killnetswitch that “questions relating to any breaches at VSSE are extra appropriately directed to VSSE.” VSSE didn’t reply to information.killnetswitch’s questions.
Safety researchers at U.S. cybersecurity agency Mandiant beforehand mentioned the vulnerability, which might permit hackers to exfiltrate delicate company knowledge, had been exploited as a zero-day by a China-backed cyberespionage group to focus on organizations all over the world. Virtually a 3rd of the goal organizations had been authorities businesses, in line with Mandiant.
Although a patch was launched for the vulnerability, Barracuda in June 2023 urged all affected prospects to switch ESG home equipment impacted by the vulnerability. It additionally suggested prospects to rotate any credentials related to the home equipment and to examine for indicators of compromise relationship again to a minimum of October 2022.
In line with Le Soir, China-backed hackers exploited the Barracuda flaw to exfiltrate 10% of the Belgian intelligence service’s incoming and outgoing emails. It notes that whereas categorised info was not affected, the non-public knowledge of just about half of VSSE’s workers was accessed, together with id paperwork, resumes, and inside communications.
VSSE reportedly discontinued its use of Barracuda’s merchandise following the cyberattack, which was first reported by native media in July 2023.
Zack Whittaker contributed reporting.
