Hackers have stolen files on Ukraine crisis from Belgian Foreign Ministry

Unknown hackers have stolen files on the Ukraine crisis from the Belgian Foreign Ministry, causing the crackdown of targeted servers.

A new cyber espionage campaign hit the Belgian foreign ministry, unknown hackers have stolen data related to the Ukraine crisis last week. The cyber attack has caused the crackdown of targeted servers which has left diplomats without Internet, also email services were impacted by the attacks.

The attackers used a malicious code to infiltrate Belgian foreign ministry networks and steal documents related to the situation in Ukraine, it’s my personal opinion that we are faced with a new state-sponsored attack, hackers in fact were specifically interested to the crisis in East Europe and targeted the Belgium entity because its access to sensitive information managed by countries in the European Union.

Let’s consider also that the Belgian capital of Brussels hosts the headquarter of the European Union, it is the primary seat, the major institutions of the European Council are based wholly or in part in the Belgian city.

“It was malware which copied documents specifically related to the Ukraine crisis,” “We saw that data was stolen about the crisis in Ukraine but we do not yet know who stole it,” reported a spokesman for the Belgian foreign ministry.

The spokesman avoided to provide further details on the stolen documents and their level of confidence, he also confirmed that the network has been completely shut down all the services were interrupted. According official news the cyber attack hasn’t impacted the ministry’s internal networks, the Communication with Belgium’s embassies were no interrupted after the offensive.

This isn’t the first incident occurred in Belgium, in September Belgacom, the largest telecommunications company in Belgium and primarily state owned, announced that its IT  infrastructure has suffered a cyber attack malware based. The attackers hacked company IT systems and infected with an unknown malware. A few dozen machines on the company’s network were compromised, including some servers. The concerning news is that the intrusion had been active for as long as two months by the time the Belgian company discovered it.

“Experts discovered a virus in the offices of Prime Minister Elio Di Rupo, which they said was communicating with a server in Hong Kong. Last May, hackers sent emails from Di Rupo’s personal account to a Belgian newspaper.” reported Reuters.

Currently investigations on the cyber attack  are ongoing.

Pierluigi Paganini

(Security Affairs –  Belgian foreign ministry, cyber espionage)  

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

A new Mirai botnet variant targets DigiEver DS-2105 Pro DVRs

Akamai researchers discovered a new Mirai botnet variant targeting a vulnerability in DigiEver DS-2105 Pro…

8 hours ago

A ransomware attack disrupted services at Pittsburgh Regional Transit

A ransomware attack on Pittsburgh Regional Transit (PRT) was the root cause of the agency's…

9 hours ago

A cyber attack hit Japan Airlines delaying ticket sales for flights

A cyberattack hit Japan Airlines (JAL), causing the suspension of ticket sales for flights departing…

13 hours ago

Apache fixed a critical SQL Injection in Apache Traffic Control

Apache Software Foundation (ASF) addressed a critical SQL Injection vulnerability, tracked as CVE-2024-45387, in Apache Traffic…

22 hours ago

BellaCPP, Charming Kitten’s BellaCiao variant written in C++

Iran-linked APT group Charming Kitten has been observed using a new variant of the BellaCiao…

1 day ago

DMM Bitcoin $308M Bitcoin heist linked to North Korea

Japanese and U.S. authorities attributed the theft of $308 million cryptocurrency from DMM Bitcoin to…

1 day ago

This website uses cookies.