Cyber Incident Victim: Liège
Date:
Oct 2024
Location:
Belgium
Summary
A pro‑Russian hacker collective launched Distributed Denial of Service attacks against the websites of several Belgian municipalities and ports, overwhelming servers with traffic and making them temporarily inaccessible. The group claimed the actions were in response to Belgium’s support for Ukraine and warned of further disruptions ahead of local elections. The Centre for Cybersecurity Belgium described the attacks as non‑dangerous DDoS incidents and noted they were the second such wave within two days.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On Monday, a number of websites, including those of the provinces, went down for a while in the first of two consecutive days of cyber activity. The pro‑Russian hacker collective NoName057 claimed responsibility for the attacks via its Telegram channel. On Tuesday morning at 8:44 a.m., the group posted a list of Belgian cities and ports that would be targeted. The list included the municipalities of Sint‑Genesius‑Rode and Linkebeek as well as the ports of Antwerp and Zeebrugge. The attacks were carried out as Distributed Denial of Service (DDoS) operations, in which servers were bombarded with requests. This overload rendered the websites inaccessible to legitimate users. The Centre for Cybersecurity Belgium (CCB) characterized the incidents as non‑dangerous despite the disruption. The hackers cited Belgium’s support for Ukraine, specifically referencing a pending decision to purchase and transfer three Caesar artillery units to Kyiv. They framed the campaign as a warning to “Russophobic Belgium” about the consequences of backing the Ukrainian government. The group’s Telegram post warned that further disruptions could occur on the election day.

As a result of the DDoS flood, the targeted municipal and port websites experienced temporary outages, preventing residents and businesses from accessing online services. No evidence of data theft or system compromise was reported by the CCB, indicating the attacks were limited to availability. The CCB continued to monitor the traffic and worked with the affected organizations to mitigate the flood, though specific technical measures were not disclosed. Local authorities in the mentioned cities and ports prepared contingency plans, such as switching to backup communication channels, to maintain essential services during the outages. By the end of Tuesday, most of the affected sites had been restored to normal operation as the attack traffic subsided. The group’s Telegram post warned that further disruptions could occur on the election day. No arrests or attributions beyond the claim of responsibility by NoName057 were announced at the time of reporting. The incidents highlighted the vulnerability of public‑facing web assets to politically motivated DDoS campaigns. The CCB issued a public statement confirming the nature of the attacks. The events marked the second consecutive day of activity by NoName057 against Belgian targets.
