Belgium hacked, most likely by China

Previously, Microsoft announced that the Chinese group "Hafnium" is exploiting a vulnerability in Exchange to infiltrate computer networks worldwide. [Shutterstock/Koshiro K]

Belgium’s interior ministry has been targeted by a cyberattack that saw intruders gain access to the ministry’s entire computer system. Belgian experts say the attack was likely carried out by China.

“The FPS Interior was the victim of a complex, sophisticated and targeted cyberattack. All necessary measures are taken,” the interior ministry said in a statement on Tuesday (25 May).

The attack, which was already uncovered in March by technicians of the Center for Cybersecurity Belgium (CCB), was initially launched in April 2019, the statement said.

The attack was kept secret so as not to expose the vulnerability of the system until it was protected.

The interior ministry asked the CCB to investigate the network after Microsoft announced problems with its Microsoft Exchange, the email system used by many companies and organisations. The hackers used a leak within Exchange to gain access to computer systems, Belgian media reported.

Previously, Microsoft announced that the Chinese hacker group “Hafnium” is exploiting a vulnerability in Exchange to infiltrate computer networks worldwide.

“The situation is under control: the network has been cleaned up and security has been restored. No further details can be communicated due to the ongoing investigation,” the ministry said in the statement.

The ministry’s servers were well protected and the hackers had not succeeded in getting hold of the most sensitive data, the ministry’s communications director, Olivier Maerens, told RTBF on Tuesday.

Federal prosecutors have launched an investigation to identify the origin of the operation, which data had been hacked and whether a foreign state was involved.

But the aim of the attack was not to jam the website or demand any ransom. It was “more complex and well-targeted, leading us to think it was espionage,” according to experts cited by RTBF.

Maerens said that “urgent action was taken to prevent the attacker’s access” and server security had been strengthened.

Earlier in May, another large-scale attack had caused a crash of Belgium’s Belnet network, which connects higher education establishments, universities, research centres and public administration. (Alexandra Brzozowski, EURACTIV.com)

Subscribe to our newsletters

Subscribe