Belgium claims China-linked APT groups hit its ministries

The Minister for Foreign Affairs of Belgium blames multiple China-linked threat actors for attacks against The country’s defense and interior ministries.

The Minister for Foreign Affairs of Belgium revealed that multiple China-linked APT groups targeted the country’s defense and interior ministries.

“Belgium exposes malicious cyber activities that significantly affected our sovereignty, democracy, security and society at large by targeting the FPS Interior and the Belgian Defence. Belgium assesses these malicious cyber activities to have been undertaken by Chinese Advanced Persistent Threats (APT).” reads the Declaration by the Minister for Foreign Affairs on behalf of the Belgian Government. “We have detected malicious cyber activities that targeted the FPS Interior.”

According to the government of Belgium the attacks were carried out by multiple Advanced Persistent Threat groups, including APT27, APT30, and APT31.

The declaration urges the Chinese government to take action against malicious cyber activities undertaken by Chinese actors.

Belgium authorities attribute the attacks against the Belgian Defence to the China-linked APT group UNSC 2814/GALLIUM/SOFTCELL.

The activity of the APT group was first reported by Microsoft in December 2019, when the Microsoft Threat Intelligence Center (MSTIC) warned of the GALLIUM threat group targeting global telecommunication providers worldwide. However, the group has been active at least since 2012.

Since 2021, the cyberespionage group has started targeting financial institutions and government entities in Afghanistan, Australia, Belgium, Cambodia, Malaysia, Mozambique, the Philippines, Russia and Vietnam. Unlike past attacks, the group started using the PingPull RAT.

Belgium highlights that these cyber activities violate the norms of responsible state behaviour as endorsed by all UN member states.

“We continue to urge the Chinese authorities to adhere to these norms and not allow its territory to be used for malicious cyber activities, and take all appropriate measures and reasonably available and feasible steps to detect, investigate and address the situation.” continues the declaration.

The Chinese government denies the accusations, and the spokesperson of the Chinese Embassy in Belgium defined extremely unserious and irresponsible Belgian government claims.

“We have taken note of the statement. It is extremely unserious and irresponsible of the Belgian side to release a statement about the so-called “malicious cyberattacks” by Chinese hackers without any evidence. On the one hand, the Belgian side refuses to provide the factual basis and, on the other hand, it makes groundless accusations and deliberately denigrates and smears China. We express our strong dissatisfaction and our firm opposition.” the spokesperson said.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, China)

[adrotate banner=”5″]

[adrotate banner=”13″]