Belgium is investigating an alleged knowledge breach of its state safety service (VSSE) by Chinese language authorities hackers.
In an announcement despatched to TechCrunch on Friday, the Belgian federal prosecutor’s workplace mentioned an investigation right into a cyberattack was opened in November 2023 after it realized in regards to the alleged breach.
This confirms an earlier report by the French-language Belgian newspaper Le Soir, which reported {that a} Chinese language hacking group gained entry to the exterior mail server of the intelligence service between 2021 and 2023.
The unnamed Chinese language hacking group reportedly exploited a vulnerability in U.S. cybersecurity agency Barracuda’s software program. The critical-rated flaw, which Barracuda first disclosed in Might 2023, impacts the agency’s E-mail Safety Gateway (ESG) equipment, a firewall for filtering inbound and outbound emails for probably malicious content material.
Barracuda spokesperson Lesley Sullivan advised TechCrunch that “questions concerning any breaches at VSSE are extra appropriately directed to VSSE.” VSSE didn’t reply to TechCrunch’s questions.
Safety researchers at U.S. cybersecurity agency Mandiant previously said the vulnerability, which may enable hackers to exfiltrate delicate company knowledge, had been exploited as a zero-day by a China-backed cyberespionage group to focus on organizations around the globe. Nearly a 3rd of the goal organizations have been authorities companies, in keeping with Mandiant.
Although a patch was launched for the vulnerability, Barracuda in June 2023 urged all affected clients to switch ESG home equipment impacted by the vulnerability. It additionally suggested clients to rotate any credentials related to the home equipment and to verify for indicators of compromise relationship again to not less than October 2022.
In accordance with Le Soir, China-backed hackers exploited the Barracuda flaw to exfiltrate 10% of the Belgian intelligence service’s incoming and outgoing emails. It notes that whereas categorized data was not affected, the non-public knowledge of just about half of VSSE’s workers was accessed, together with identification paperwork, resumes, and inner communications.
VSSE reportedly discontinued its use of Barracuda’s merchandise following the cyberattack, which was first reported by local media in July 2023.
Zack Whittaker contributed reporting.