Belgium's State Security Service (VSSE) has suffered a large-scale cyberattack, with Chinese state-linked hackers infiltrating its email system between 2021 and 2023.
The breach, described as the most serious security incident in the agency's history, resulted in the exfiltration of around 10% of its incoming and outgoing emails.
While classified information is not believed to have been compromised, the personal data of nearly half of VSSE's personnel, including identity documents, may have been exposed.
A Two-Year Infiltration Exploiting American Software
The attack was traced to a vulnerability in the Email Security Gateway Appliance, a cybersecurity tool developed by American firm Barracuda Networks. The software, designed to filter and protect email communications, was exploited by Chinese cyber-espionage operatives to siphon sensitive data from the Belgian intelligence service.
The breach was first reported in 2023 by Belgian media Knack and Datanews, and later confirmed by Barracuda. According to an internal VSSE investigation, hackers gained persistent access to the agency's email communications over a two-year period, though the precise nature of the stolen information remains unclear.
Belgium's Belgian Pipeline Organisation, a military body responsible for monitoring undersea pipelines in the North Sea, was also a victim of the same cyberattack, further raising concerns about national security vulnerabilities.
Exposure of Intelligence Personnel's Personal Data
One of the most serious consequences of the breach is the potential exposure of identity documents and personal information of nearly half of VSSE's staff. Intelligence personnel are particularly vulnerable to foreign surveillance, blackmail, or infiltration if their identities are compromised.
Although the full extent of the breach remains unknown, VSSE leadership has urged employees who transmitted personal data during the period of the cyberattack to renew their identity documents as a precautionary measure. However, internal investigations have not been able to determine exactly which individuals have been affected.
Official Response and Criminal Investigation
Belgium's intelligence agency has filed a criminal complaint over the cyberattack but has refrained from making public statements on the matter. The Belgian government has also taken diplomatic action in response to previous cyber intrusions attributed to China.
In April 2024, the Chinese chargé d'affaires in Belgium was summoned after it was confirmed that a Belgian MP had been targeted by Chinese hackers.
While Beijing has consistently denied involvement in state-sponsored cyberattacks, Western intelligence agencies, including those in Belgium, continue to point to Chinese-linked hacking groups as persistent threats to government institutions and national security.
China's Growing Cyber-Espionage Operations in Europe
The attack on Belgium's intelligence service is part of a broader pattern of Chinese cyber-espionage targeting European institutions. In recent years, Western governments have repeatedly warned of hacking groups linked to China's Ministry of State Security (MSS), such as APT31 and APT40, which are believed to conduct cyber-intrusions against government agencies, defence contractors, and critical infrastructure.
Belgium has been a repeated target of cyber operations attributed to China. In 2021, Belgian officials accused Chinese hackers of infiltrating the Defence Ministry's networks, and in 2024, a Belgian politician was confirmed to have been targeted in a separate cyberattack. The latest incident involving VSSE suggests that China's cyber-espionage activities in Belgium remain active and persistent.
Implications for Belgium and European Cybersecurity
The large-scale breach of Belgium's intelligence service underscores the increasing vulnerability of European security institutions to foreign cyber threats. The attack has renewed discussions on the cybersecurity resilience of EU intelligence agencies, particularly regarding their reliance on third-party software providers such as Barracuda.
Belgium's Centre for Cybersecurity (CCB) has been working to strengthen national cyber defences, but the VSSE breach highlights ongoing weaknesses. Greater investment in domestic cybersecurity capabilities and closer collaboration with European and NATO intelligence partners may be necessary to mitigate future risks.
For VSSE, the cyberattack represents a critical challenge. Strengthening encryption protocols, improving internal security measures, and adopting zero-trust cybersecurity frameworks could help prevent similar breaches in the future.