Cyber Incident Victim: Kingdom of Belgium
Date:
Oct 2024
Location:
Belgium
Summary
A pro-Russian hacking group conducted DDoS attacks targeting multiple Belgian municipal websites and port authorities, causing temporary outages for several communes and port operations including Antwerp and Zeebrugge. The attacks overloaded servers with traffic, rendering sites inaccessible to regular users, with some services experiencing prolonged disruptions while others recovered within approximately thirty minutes. Cybersecurity authorities confirmed the incidents posed no critical danger and assured no impact on upcoming local elections due to election systems operating offline.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
A series of distributed denial-of-service (DDoS) attacks targeted Belgian port authorities and municipal government websites between October 7 and 9, 2024, disrupting public access to critical online services. The pro-Russian hacker collective NoName057(16) claimed responsibility for these attacks, publishing a target list on their Telegram channel at 08:44 on October 8 that included nine municipalities: Ronse, Spiere-Helkijn, Sint-Genesius-Rode, Kraainem, Wemmel, Bever, Drogenbos, Wezembeek-Oppem, and Linkebeek. Major maritime infrastructure was simultaneously attacked, with the Port of Antwerp, Port of Zeebrugge, and Liège inland port experiencing service interruptions. Additional targets included logistics platform Shipnext and the European Sea Ports Organisation (ESPO), while the merged Antwerp-Bruges port reported approximately thirty minutes of downtime. Initial attacks on October 7 had previously disrupted provincial and city websites, followed by renewed targeting of smaller municipalities on October 8. Despite official declarations that the attacks concluded by Tuesday evening, further disruptions occurred on October 9 affecting municipalities across multiple provinces: Amel, Büllingen, Bütgenbach, and Kelmis in East Belgium; Malmedy in Liège Province; and Mouscron and Enghien in Hainaut Province.
The Belgian Centre for Cybersecurity (CCB) confirmed the attacks originated from NoName057(16) but assessed them as non-dangerous, characterizing the incidents as basic DDoS operations designed to overwhelm servers with traffic rather than penetrate secured systems. Service availability fluctuated throughout the incident period, with some websites remaining offline while others experienced brief outages. Flemish Interior Minister Hilde Crevits publicly addressed concerns regarding potential election interference, confirming the October 13 municipal and provincial elections would proceed securely due to air-gapped voting machines lacking internet connectivity. The CCB implemented additional monitoring protocols to safeguard election result transmission channels, though no technical evidence suggested these DDoS attacks targeted electoral infrastructure. Operational impacts remained confined to temporary website unavailability without data compromise or persistent system damage across all affected entities.