Belgian Intelligence Service Breach: Chinese Hackers Under Investigation

Belgian authorities investigate a potential Chinese state-sponsored cyberattack on its State Security Service (VSSE), compromising sensitive data and emails between 2021 and 2023. The breach exploited a zero-day vulnerability in Barracuda's Email Secu

    The Belgian federal prosecutor’s office is investigating a potential breach of the country’s State Security Service (VSSE), possibly perpetrated by Chinese hackers. This significant cybersecurity incident raises serious concerns about national security and data protection.

    Timeline and Scope of the Breach

    Reports suggest that Chinese state-backed attackers accessed the VSSE’s external email server between 2021 and May 2023.

    The compromised server handled communications with various entities, including public prosecutors, government ministries, law enforcement agencies, and other Belgian public administration bodies. This compromised approximately 10% of all emails sent and received by VSSE staff.

    The breach also affected internal HR communications, exposing sensitive personal data of nearly half of the VSSE’s current staff and past applicants. This included identity documents and CVs. The timing, coinciding with a major recruitment drive, is particularly concerning.

    As one anonymous intelligence source told Le Soir,

    “The timing of the attack was especially unfortunate, as we were in the midst of a major recruitment drive…We thought we had bought a bulletproof vest, only to find a gaping hole in it.”

    Technical Details: Zero-Day Exploit and Malware

    The attack likely exploited a zero-day vulnerability in Barracuda’s Email Security Gateway (ESG) appliance. In May 2023, Barracuda issued a warning about attackers using custom malware (Saltwater, SeaSpy, Sandbar, and SeaSide) in data-theft attacks since at least October 2022, urging customers to replace compromised appliances immediately. Following this vulnerability disclosure, the VSSE ceased using Barracuda as its cybersecurity provider and advised affected staff to renew their identification documents.

    Lack of Evidence on Dark Web

    Currently, there’s no evidence of stolen data appearing on the dark web or any ransom demands. Anonymous sources indicate that the VSSE’s security team actively monitors dark web hacking forums and marketplaces for leaked information.

    The VSSE has remained largely silent, only confirming that a formal complaint was filed. The federal prosecutor’s office launched a judicial investigation in November 2023, but it’s still early to reach any definitive conclusions.

    Previous Chinese State-Sponsored Attacks on Belgium

    This isn’t the first time Belgium has faced accusations of Chinese state-sponsored cyberattacks. In July 2022, the country’s Minister for Foreign Affairs stated that the APT27, APT30, APT31, and Gallium (Softcell and UNSC 2814) threat groups targeted the defense and interior ministries. The Chinese Embassy in Belgium denied these allegations, citing a lack of evidence.

    A spokesperson stated, “It is extremely unserious and irresponsible of the Belgian side to issue a statement about the so-called ‘malicious cyberattacks’ by Chinese hackers without any evidence.”

    Implications for Enterprise Businesses

    This incident highlights the critical need for robust cybersecurity measures for all organizations, especially those handling sensitive data. Regular security audits, employee training, and the use of up-to-date security software are crucial to mitigate the risk of similar breaches.

    Furthermore, prompt patching of known vulnerabilities is paramount.
