Internal audit suggests “biggest breach” of Belgian spy service ever between 2021-2023.
A group of Chinese hackers stole data from Belgian state security services between 2021 and 2023, in what is considered the biggest breach of the services ever, local newspaper Le Soir reported on Wednesday.
The hacking group exploited a vulnerability in the email system of a U.S. software supplier, called Barracuda, that was previously reported in 2023 and was being used by Belgian intelligence as well as the Belgian Pipeline Organisation, which monitors pipelines in the North Sea.
Cyber researchers at Google’s Mandiant previously said the group were very likely a cyberespionage service working for the Chinese state.
Le Soir on Wednesday cited several sources close to the State Security Service (VSSE) saying an internal audit had found the hackers gained access to the external server for email exchanges.
The report said the hacked data did not include classified information as it was saved on an internal server. But the hackers are believed to have obtained correspondence with the country’s prosecutors’ office, police, a ministerial cabinet and other institutions, as well as personal data of staff of intelligence service.
VSSE did not immediately respond to a request for comment.