Belgium says China-linked APT groups attacked its interior and defence ministries


APT 27, APT 30, APT 31 and Gallium are said to be the perpetrators of the attacks

Belgium has blamed multiple threat actors with links to China for attacks against the country's interior and defence ministries.

The Minister for Foreign Affairs stated in an online post that they have uncovered malicious cyber activities by threat groups targeting the FPS Interior and the Belgian Defence, which had a significant impact on Belgium's sovereignty, democracy, security and society.

"Belgium assesses these malicious cyber activities to have been undertaken by Chinese Advanced Persistent Threats (APT)," the post said.

The hacker groups APT 27, APT 30, and APT 31 have been identified as the perpetrators of the attacks on the interior ministry, while the attacks on the defence department are attributed to the Chinese hacker collective UNSC2814/Gallium/Softcell.

Microsoft was the first to report the activities of the Gallium gang, in December 2019, when the Microsoft Threat Intelligence Centre (MSTIC) issued a warning that the group was aiming its attacks at telecommunication firms globally. However, the group is thought to have been conducting malicious activities since 2012.

In January last year, German officials reported that APT27 had been seen targeting local firms.

APT 30 is said to have been in operation for about 20 years.

Belgium's Foreign Ministry said that the nation vehemently condemns these hostile online operations, which are carried out in defiance of the norms of responsible state behaviour endorsed by all UN members.

It urged Chinese authorities to follow the rules of responsible state behaviour and to take action against such hostile activities originating from its territory.

The spokesperson of the Chinese Embassy in Belgium refuted the charges, stating that the Belgian government's assertions were not supported by any evidence.

"It is extremely unserious and irresponsible of the Belgian side to issue a statement about the so-called 'malicious cyberattacks' by Chinese hackers without any evidence," the spokesperson said.

"We express our strong dissatisfaction and our firm opposition."

The spokesperson said: "China has always been a strong advocate of cybersecurity and one of the main victims of cyberattacks."

They went on to say that the practice of making accusations against other countries that are not supported by evidence, as well as politicising and stigmatising issues related to cybersecurity without any basis, will only "weaken mutual trust between countries and affect their normal cooperation in this field."

This is not the first time that key institutions in Belgium have been hit with cyberattacks.

In May 2021, Belgium suffered a large-scale DDoS attack that impacted the activities of its Parliament, ministries, educational establishments and public administration offices.

While Belgian authorities did not attribute the attack to any specific threat actor, some political experts observed that it began at around the same time the Foreign Affairs Committee was scheduled to hold a meeting on the human rights situation in China's Xinjiang Uyghur Autonomous Region.

In particular, the Committee was supposed to hear testimony from a Uyghur woman who had reportedly escaped from a forced labour camp in China.

In December, the Belgian Ministry of Defence confirmed a cyberattack on its computer network that exploited the Log4j vulnerability.

Earlier this month, the heads of the FBI and MI5 said China is engaged in a coordinated, large-scale campaign to get the intelligence and trade secrets it believes are required to succeed in commerce and geopolitics.