Hackers have stolen files on Ukraine crisis from Belgian Foreign Ministry

Unknown hackers have stolen files on the Ukraine crisis from the Belgian Foreign Ministry, causing the crackdown of targeted servers.

A new cyber espionage campaign hit the Belgian foreign ministry, unknown hackers have stolen data related to the Ukraine crisis last week. The cyber attack has caused the crackdown of targeted servers which has left diplomats without Internet, also email services were impacted by the attacks.

The attackers used a malicious code to infiltrate Belgian foreign ministry networks and steal documents related to the situation in Ukraine, it’s my personal opinion that we are faced with a new state-sponsored attack, hackers in fact were specifically interested to the crisis in East Europe and targeted the Belgium entity because its access to sensitive information managed by countries in the European Union.

Let’s consider also that the Belgian capital of Brussels hosts the headquarter of the European Union, it is the primary seat, the major institutions of the European Council are based wholly or in part in the Belgian city.

“It was malware which copied documents specifically related to the Ukraine crisis,” “We saw that data was stolen about the crisis in Ukraine but we do not yet know who stole it,” reported a spokesman for the Belgian foreign ministry.

The spokesman avoided to provide further details on the stolen documents and their level of confidence, he also confirmed that the network has been completely shut down all the services were interrupted. According official news the cyber attack hasn’t impacted the ministry’s internal networks, the Communication with Belgium’s embassies were no interrupted after the offensive.

This isn’t the first incident occurred in Belgium, in September Belgacom, the largest telecommunications company in Belgium and primarily state owned, announced that its IT  infrastructure has suffered a cyber attack malware based. The attackers hacked company IT systems and infected with an unknown malware. A few dozen machines on the company’s network were compromised, including some servers. The concerning news is that the intrusion had been active for as long as two months by the time the Belgian company discovered it.

“Experts discovered a virus in the offices of Prime Minister Elio Di Rupo, which they said was communicating with a server in Hong Kong. Last May, hackers sent emails from Di Rupo’s personal account to a Belgian newspaper.” reported Reuters.

Currently investigations on the cyber attack  are ongoing.

Pierluigi Paganini

(Security Affairs –  Belgian foreign ministry, cyber espionage)  

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Black Basta ransomware gang hit BT Group<gwmw style="display:none;"></gwmw>

BT Group (formerly British Telecom)'s Conferencing division shut down some of its servers following a…

8 hours ago

Authorities shut down Crimenetwork, the Germany’s largest crime marketplace

Germany's largest crime marketplace, Crimenetwork, has been shut down, and an administrator has been arrested.…

10 hours ago

Veeam addressed critical Service Provider Console (VSPC) bug

Veeam addressed a critical vulnerability in Service Provider Console (VSPC) that could allow remote attackers…

15 hours ago

Australia, Canada, New Zealand, and the U.S. warn of PRC-linked cyber espionage targeting telecom networks

Australia, Canada, New Zealand, and the U.S. warn of PRC-linked cyber espionage targeting telecom networks…

20 hours ago

U.S. CISA adds ProjectSend, North Grid Proself, and Zyxel firewalls bugs to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds ProjectSend, North Grid Proself, and Zyxel firewalls…

22 hours ago

The ASA flaw CVE-2014-2120 is being actively exploited in the wild

Cisco warns customers that a decade-old ASA vulnerability, tracked as CVE-2014-2120, is being actively exploited…

1 day ago

This website uses cookies.