Belgium’s Interior Ministry uncovers 2-year-long compromise of its network
Belgium’s Federal Public Service Interior (i.e., the country’s Interior Ministry) has suffered a “complex, sophisticated and targeted cyberattack.”
What happened?
When Microsoft released out-of-band security updates for Exchange Server in early March to fix zero-day vulnerabilities exploited by the Hafnium threat actor, the FPS Interior called in the Center for Cybersecurity Belgium (CCB) to help with the patching of their Exchange servers.
While doing that, the CCB also carried out more extensive monitoring and “found subtle leads to questionable acts on the network of the FPS Interior.”
The investigation showed that the attacker first broke in during April 2019, meaning that they did not exploit the Exchange flaws to get in.
“The complexity of this attack indicates an actor who has cyber capacities and extensive resources. The perpetrators acted in a targeted manner, which sounds like espionage,” the FPS Interior noted.
The FPS Interior hosts databases related to the country’s police services, immigration affairs, the organization of the elections and the distribution of identity cards, Belgian news outfit VRT NWS pointed out.
The CCB says that citizens and the services provided by the Interior have not been affected by the attack, but the (likely state-sponsored) attacker has access to local data. They said that no sensitive data has been stolen, but noted that the ongoing investigation may yet overturn that initial finding.
What now?
FPS Interior says that their systems have been cleaned and that important information has been secured, and that they have started a complete modernization of their IT infrastructure “with a view to optimizing security as much as possible.”
This communication comes weeks after Belnet, a Belgian internet provider for educational institutions, research centres, scientific institutes and government services, was temporarily crippled by a large-scale distributed denial-of-service (DDoS) attack.
In related news, Belgium’s National Security Council has recently approved the details of a new cybersecurity strategy that’s aimed “to make Belgium one of the least vulnerable countries in Europe.”