Belgium is investigating allegedly a National Security Services (VSSE) data breach by Chinese government hackers.
In a statement sent to TechCrunch on Friday, the Belgian Federal Prosecutor’s Office said that an investigation into the cyberattack was opened in November 2023 after learning about the alleged violations.
This reviewed an earlier report by French-language Belgian newspaper Le Soir, reporting that Chinese hacking groups could access the intelligence agency’s external mail server between 2021 and 2023.
The unnamed Chinese hacking group reportedly exploited a vulnerability in the software of US cybersecurity company Barracuda. The critical assessment that Barracuda first disclosed in May 2023 affects the company’s Email Security Gateway (ESG) appliance, a firewall for filtering inbound and outbound emails of malicious content.
“Questions regarding VSSE violations are being addressed appropriately to VSSE,” Barracuda spokesman Leslie Sullivan told TechCrunch. The VSSE did not respond to TechCrunch questions.
Security researchers at US cybersecurity firm Mandiant said that vulnerabilities that could allow hackers to remove sensitive corporate data have been exploited as zero-day by target organizations around the world by China-backed Cyber Epion Group. According to Mandiant, almost a third of the target organizations were government agencies.
The patch was released due to the vulnerability, but in June 2023 Barracuda urged all affected customers to replace ESG appliances affected by the vulnerability. They also encouraged customers to rotate the credentials connected to the appliance to see at least signs of compromise dating back to October 2022.
According to Le Soir, China-backed hackers have exploited Barracuda’s flaws to remove 10% of Belgian intelligence reporting agency’s inbound and outbound emails. Although the categorized information was not affected, it accessed personal data for almost half of VSSE employees, including identity documents, resumes and internal communications.
VSSE reportedly discontinued the use of Barracuda products after the cyberattack, which was first reported by local media in July 2023.
Zack Whittaker contributed the report.