Cyber Incident Victim: Région de Bruxelles-Capitale

Date: Jul 2022

Location: Belgium

Summary

Malicious cyber activities attributed to Chinese Advanced Persistent Threat groups, including APT27, APT30, APT31, and UNC2814/GALLIUM/SOFTCELL, targeted Belgian federal entities responsible for interior affairs and defense, significantly impacting national sovereignty, democracy, and security. The country denounced these actions as violations of UN-endorsed norms for responsible state behavior in cyberspace, urging Chinese authorities to prevent such activities originating from their territory while emphasizing continued collaboration with European and international partners to strengthen cyber resilience and counter threats through enhanced information sharing and diplomatic engagement.


Description

In mid-2022, Belgian authorities disclosed malicious cyber activities targeting critical government institutions, significantly impacting national sovereignty, democracy, security, and societal infrastructure. The Federal Public Service Interior (FPS Interior) and Belgian Defence were confirmed as primary targets of these operations. Investigations linked the intrusion against FPS Interior to three Chinese state-sponsored Advanced Persistent Threat groups: APT27, APT30, and APT31. Simultaneously, cyber operations against Belgian Defence were attributed to the threat cluster identified under multiple aliases, including UNC2814, GALLIUM, and SOFTCELL. These coordinated campaigns demonstrated sophisticated capabilities to infiltrate sensitive government networks. The Belgian government formally assessed the activities as originating from Chinese actors, though specific intrusion timelines, technical methodologies, and exact data compromise details remained undisclosed in public statements. The scale of the attacks necessitated a coordinated national security response across defense and interior ministries.

The Belgian Minister of Foreign Affairs issued an official declaration on behalf of the government on July 1, 2022, explicitly denouncing the cyber operations as violations of established UN norms for responsible state behavior in cyberspace. Authorities urged their Chinese counterparts to prevent their territory from being used for such activities and to investigate the incidents through appropriate measures. Belgium reaffirmed its commitment to international cybersecurity frameworks, specifically advocating for a UN Programme of Action to strengthen global cyber governance. The response emphasized enhanced collaboration with European partners through intelligence sharing, diplomatic engagement, and joint cyber resilience initiatives. Additional measures included improving software supply chain security and cross-border incident handling protocols. While not disclosing specific remediation steps taken within compromised networks, the government emphasized its ongoing determination to counter malicious cyber activities through multilateral cooperation and institutional hardening against advanced threats.
