Belgium is investigating allegedly a National Security Services (VSSE) data breach by Chinese government hackers.
In a statement sent to TechCrunch on Friday, the Belgian Federal Prosecutor's Office said that an investigation into the cyberattack was opened in November 2023 after learning about the alleged violations.
This reviewed an earlier report by French-language Belgian newspaper Le Soir, reporting that Chinese hacking groups could access the intelligence agency's external mail server between 2021 and 2023.
The unnamed Chinese hacking group reportedly exploited a vulnerability in the software of US cybersecurity company Barracuda. The critical assessment that Barracuda first disclosed in May 2023 affects the company's Email Security Gateway (ESG) appliance, a firewall for filtering inbound and outbound emails of malicious content.
“Questions regarding VSSE violations are being addressed appropriately to VSSE,” Barracuda spokesman Leslie Sullivan told TechCrunch. The VSSE did not respond to TechCrunch questions.
Security researchers at US cybersecurity firm Mandiant previously said that vulnerabilities that allow hackers to remove sensitive corporate data were exploited as zero-day by China-backed Cyberspion Groups by target organizations around the world. According to Mandiant, almost a third of the target organizations were government agencies.
The patch was released due to the vulnerability, but in June 2023 Barracuda urged all affected customers to replace ESG appliances affected by the vulnerability. We also advised customers to rotate the credentials connected to the appliance and check for signs of compromise until at least October 2022.
According to Le Soir, China-backed hackers have exploited Barracuda's flaws to remove 10% of Belgian intelligence reporting agency's inbound and outbound emails. Although the categorized information is not affected, it should be noted that personal data for almost half of VSSE employees, including identity documents, resumes and internal communications, were accessed.
VSSE reportedly discontinued the use of Barracuda products after the cyberattack, which was first reported by local media in July 2023.
Zack Whittaker contributed the report.