Cyber Incident Victim: Kingdom of Belgium
Date:
Mar 2022
Location:
Belgium
Summary
A cyberattack targeting the Belnet research and education network disrupted online services for French-speaking universities, causing widespread website inaccessibility through a distributed denial-of-service (DDoS) attack that flooded the network with excessive access requests. The incident temporarily incapacitated institutional sites but did not involve data theft, with IT teams from affected institutions like Liège and Louvain swiftly mitigating the disruption within minutes and restoring normal operations while maintaining heightened monitoring. This marks the second such attack against these universities within a six-month period, though the motivation remains unclear as security officials collaborate to analyze the event.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On March 21, 2022, Belgian French-speaking universities experienced significant disruptions to their online services following a cyberattack targeting the Belnet research and education network. Beginning around 3:00 PM local time, the distributed denial-of-service (DDoS) attack flooded Belnet’s infrastructure with excessive access requests, overwhelming systems and rendering affiliated university websites nearly inaccessible. The attack impacted all French-language universities connected to Belnet, including the University of Mons, University of Liège, Catholic University of Louvain, and University of Namur. DDoS tactics disrupted normal operations by preventing legitimate users from accessing institutional sites, though no data theft or compromise occurred. At the University of Liège, service interruptions lasted only minutes due to rapid intervention by IT teams, who implemented countermeasures to restore functionality while maintaining heightened monitoring. The University of Mons confirmed the attack’s technical mechanism—deliberate traffic saturation to cripple network operations—but emphasized no sensitive information was exfiltrated.
Affected institutions activated coordinated response protocols, with IT security teams from multiple universities collaborating to assess the incident’s scope through Belnet. The Catholic University of Louvain publicly confirmed the absence of data breaches, while the University of Namur noted that chief information security officers (RSSIs) across institutions were pooling resources to develop a comprehensive event analysis. Service restoration timelines varied, but most universities resumed normal operations within hours of detection. This incident marked the second cyberattack against French-speaking Belgian universities within six months, though the article did not specify parallels with the prior event. No attribution or motive for the attack was disclosed by responding institutions, which maintained operational vigilance following the initial mitigation.