Belgium government discovers old 2019 hack during Hafnium investigation

Belgian officials said that hackers breached the network of its interior ministry in a security incident that took place in April 2019.

The intrusion was discovered in March this year while the government's IT staff was investigating the status of its Exchange email servers after Microsoft warned customers of attacks from a Chinese hacking group called Hafnium.

Officials found Exchange servers that were vulnerable and needed patching, but the IT staff at the Federal Public Service Interior—the country's interior ministry—also found additional signs of compromise that dated back years, rather than months, when the first Hafnium attacks were spotted.

In a press release this week, Belgian interior ministry officials said the attackers "acted in a targeted manner, which is reminiscent of espionage" and that "the complexity of this attack indicated an actor who had cyber capabilities and extensive resources."

Identity of the attackers not shared

News of the attacks and the ministry's discovery was first reported on Wednesday by Belgian newspaper De Standaard. Initial reporting claimed the 2019 breach was carried out by Chinese hackers, but the newspaper has retracted its claim earlier today after Belgian officials refused to pin the attack on China.

The Centre for Cyber Security Belgium, the country's central authority for cybersecurity, and which helped the interior ministry investigate the 2019 hack, did not return a request for comment.

The announcement of the hack comes days after the Belgian government approved a new cyber strategy with an emphasis on revamping security at essential government institutions.

It also comes after the country saw a massive DDoS attack that crippled government systems on the day the Belgium Parliament was supposed to hold a meeting and hear a testimony from a survivor of China's Uyghur forced labor camps.

In February this year, CCB Managing Director Miguel De Bruycker also gave The Record an interview about how his institution helps keep the country safe.

h/t: @Dasprive

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles

Catalin Cimpanu

Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.