The internal affairs of the Belgian Federal Public Service were hacked. Attackers gained access to the systems for the first time in April 2019 and were able to read internal emails. The Belgian Cybersecurity Center found out about the attack last March.
VRT says government service The cyber criminals wanted to infiltrate the Interior Ministry’s network and steal personal information. As far as is known, the attackers only gained access to the internal mail messages of the internal and “local systems”. This government service is responsible for, among other things, the Belgian police services’ databases, immigration affairs, election organization, and identity card issuance. These systems were not affected, the government agency said, and there were no classified information or state secrets on the compromised network.
from Government service speaks About a “complex, sophisticated and deliberate cyberattack”, the service then followed suit From Microsoft Exchange-zerodays That became known in March. The Ministry of the Interior uses Exchange mail servers and thus has requested the Cybersecurity Center in Belgium for assistance with security. The CCB found “loopholes” in the government service network, which the CCB removed.
The center decided to conduct further investigations about the government service network. In this investigation, there were “hidden indications” of suspicious acts. The first effects date back to April 2019. The complexity of the attack “indicates an actor with extensive cyber capabilities and resources.” The intentional actions of the attackers lead the government and the CCB to suspect that the attackers wanted to spy.
Although CCB tracked down the attack due to Exchange vulnerabilities, the government service against VRT maintains that those vulnerabilities were not the cause of the hacking attack. How the attackers entered the network, government service has not yet been revealed.
CCB says that access to the attackers is now ceased, malware has been removed, and “important information has been secured”. Internal systems are being “cleaned up” to restore security, and the IT infrastructure is being modernized. Further investigation into the attack is now underway, in part by the Federal Prosecutor’s Office. Other Belgian organizations have been informed of the attack, including the police, ADIV, the National Crisis Center and the Data Protection Authority.