The North Gate facility in Brussels, the location of VSSE headquarters. Image: Wikimedia Commons / Romaine / CC0 1.0

Belgium probes suspected Chinese hack of state security service

Belgium has launched a judicial investigation into an alleged Chinese cyberattack that compromised the email system of its state security service (VSSE), the federal prosecutor’s office said on Wednesday.

According to a report by Reuters, the prosecutor received a complaint from the VSSE regarding the incident.

The probe confirms an earlier report by the Belgian newspaper Le Soir, which revealed that unidentified Chinese state-sponsored hackers siphoned off 10% of the agency’s incoming and outgoing emails between 2021 and 2023.

The cyber-espionage operation reportedly exploited a vulnerability in an email security product provided by the U.S. cybersecurity firm Barracuda Networks. In 2023, cybersecurity researchers discovered that a Chinese threat actor, tracked as UNC4841, had leveraged this flaw to attack government entities and private-sector organizations in Taiwan, Hong Kong and Europe.

During the attacks, the hackers sent emails containing malicious attachments designed to exploit the Barracuda vulnerability. According to a previous report from the company, the hackers deployed three strains of malware — Saltwater, SeaSpy, and Seaside — which provided a backdoor into compromised systems, enabling a range of malicious activities against victim networks.

According to Le Soir, the attack by suspected Chinese hackers on the VSSE only affected an external email server that handled communications with government ministries, law enforcement, and public prosecutors, while classified internal communications remained untouched. 

However, the compromised server also processed human resources-related correspondence, raising concerns that personal data belonging to nearly half of the VSSE’s staff and past applicants may have been exposed.

Belgian officials have not disclosed any details about the VSSE breach and have not commented on Le Soir’s report, stating only that it is too early to draw conclusions as the investigation is still ongoing.

The attack on the VSSE was first reported by local media in 2023, the same year Barracuda publicly disclosed the vulnerability in its software. Following the attack, the VSSE reportedly discontinued its use of Barracuda’s services and advised affected staff to renew personal identification documents to mitigate identity fraud risks.

There is currently no evidence that any data allegedly stolen during the attack has surfaced on the dark web or that ransom demands have been made. Local media, citing anonymous sources, reported that the VSSE’s internal security division continues to monitor online marketplaces for any signs of leaked information.

Chinese authorities have not yet commented on the allegations.

Daryna Antoniuk is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.