Cyber Incident Victim: Kingdom of Belgium
Date:
Feb 2024
Location:
Belgium
Summary
A pro-Russian hacker group known as 'NoName057(16)' conducted a DDoS attack targeting multiple Belgian government websites, including those of the Prime Minister and the House of Representatives, causing intermittent outages for approximately two hours. The group claimed the attack was retaliation for the country's financial support to Ukraine, referencing it as a "Russophobic" action, and it occurred shortly after Belgian leadership summoned the Russian ambassador over a separate political matter. Cybersecurity authorities confirmed the disruption was resolved after a brief period of fluctuating accessibility, noting that such attacks exploit server overloads to degrade or block legitimate user traffic.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On February 20, 2024, Belgian government websites experienced a cyber attack attributed to the pro-Russian hacker collective 'NoName057(16)'. The group announced via Telegram that it had targeted Belgium in retaliation for the country's financial support to Ukraine, which they characterized as "Russophobic." Specifically affected were the official websites of Prime Minister Alexander De Croo, the Brussels regional government, and the Belgian House of Representatives. The attack occurred shortly after Prime Minister De Croo summoned the Russian ambassador following the death of Russian opposition leader Alexei Navalny, though no direct causal link between the summoning and attack timing was explicitly confirmed in available reports. Technical analysis indicated a distributed denial-of-service (DDoS) attack methodology, where hackers overwhelmed target servers with artificial traffic from multiple compromised systems. This caused intermittent unavailability of the websites throughout Tuesday afternoon, though the disruption was not continuous across the full two-hour attack window.
The Center for Cybersecurity Belgium (CCB) confirmed the incident lasted approximately two hours, describing it as a "short-lived cat and mouse game" where websites fluctuated between operational and unavailable states. Service was fully restored by late afternoon. Impact was limited to temporary accessibility issues, with no reported data breaches or permanent damage to digital infrastructure. The CCB spokesperson noted that previously targeted government websites remain frequent objectives for hacker groups. Historical context indicates multiple prior DDoS incidents against Belgian government platforms in recent months, all linked to geopolitical tensions surrounding Ukraine. Such attacks typically degrade website performance by exhausting server capacity, rendering pages slow or completely unresponsive to legitimate users. The CCB did not disclose specific mitigation measures deployed during this incident but emphasized ongoing monitoring of high-risk targets.