Chinese hackers infiltrated Belgian government network via Microsoft Exchange exploit

Chinese hackers infiltrated Belgian government network via Microsoft Exchange exploit

Chinese hackers infiltrated Belgian Interior Ministry's network

The computer system of the Belgian government’s home affairs ministry was reportedly infiltrated by Chinese hackers in 2019 who exploited vulnerabilities in Microsoft’s Exchange system to gain persistent access to the network and exfiltrate data to their own servers.

Earlier today, Belgian daily De Standaard revealed that hackers, who are believed by the Belgian government to be state-sponsored Chinese actors, infiltrated the systems of the federal home affairs ministry which maintains the population register, police databases, election management, and crisis management data.

According to the Centre for Cyber-Security Belgium (CCB), the intrusion may have occurred as far back as April 2019, indicating that the hackers stayed inside the federal ministry’s network for nearly two years until cyber experts finally detected the intrusion.

“In March 2021, CCB cyber experts found traces of suspicious manipulation dating back to April 2019. This is a very complex attack, for which hackers have resorted to techniques specifically designed to infiltrate a network undetected and to remain there as long as possible,” CCB said.

“The complexity of this attack indicates that this is an advanced and proficient attacker with extensive cyber capabilities, probably used for espionage purposes.”

The Federal Public Service Interior (FPS) ministry also issued a statement in reference to the cyber intrusion, terming it “a complex, sophisticated and targeted cyber attack” and that the determination and discreet character of the hacker arousing suspicions of cyber espionage.

The ministry said that when CCB patched its Microsoft Exchange servers with updates issued by Microsoft on March 2 this year, the agency carried out further investigations and discovered traces of intrusion dating back to April 2019.

“Earlier this year, Microsoft was made aware of a series of vulnerabilities in its Exchange servers. These are email servers used worldwide by thousands of companies. Microsoft released updates on March 2 to once again protect its systems.

“The FPS Interior also uses Microsoft Exchange servers and has requested assistance from the CCB. The SPF, like thousands of businesses around the world, has been vulnerable and “entry points” have been discovered on the network. These were closed and the updates were immediately applied, but the CCB also carried out more extensive monitoring.

“It was during this investigation that the CCB’s cyber-experts identified subtle tracks of questionable acts on the SPF network. The first tracks date from April 2019 and indicate a very sophisticated cyberattack. The complexity of this attack indicates an actor who has cyber capacities and extensive resources. The perpetrators acted in a targeted manner, which is reminiscent of espionage,” the ministry said.

While the attacker’s access to the FPS computer network has been stopped and all important information has been secured, it is pertinent to note that the intrusion went undetected for nearly two years. During this time, it is possible that hackers behind the intrusion exfiltrated vast amounts of data back to their own servers, even though confirmation of the exfiltration is yet to arrive. The discovery also confirms that vulnerabilities in the Microsoft Exchange system were known to hackers long before Microsoft discovered the flaws.

“Comments from Microsoft indirectly suggest that the victim was aware of the critical 0day vulnerabilities in MS Exchange Server much earlier than in March 2021 when they were publicly disclosed by Microsoft. Such a protracted reaction and catastrophic consequences may trigger severe legal ramifications for the tech giant and negatively impact its business in a long-term perspective,” says Ilia Kolochenko, founder of ImmuniWeb.

Also Read: Communications network used by several ministries was hacked, Germany confirms

Copyright Lyonsdown Limited 2021

Top Articles

Top 6 Mobile App-Related Data Breaches

Smartphones are a prevalent feature in modern life. With more than three billion smartphone users around the world, who downloaded over 200 billion apps in 2019, it comes as no…

Cyber-security blind spots in PaaS and IaaS environments

Research finds that 100% of companies experienced a security incident, but continue to expand their footprint

Popping the hood on deep learning

Now that cyber-criminals have learned how to compromise machine learning defences, deep learning provides a way forward for security teams

Related Articles

[s2Member-Login login_redirect=”” /]