Cyber Incident Victim: Belgium's Ministry of Defense
Date: Jul 2022
Location: Belgium
Summary
Belgian authorities reported that Chinese state-backed advanced persistent threat groups targeted the country's defense and interior ministries, compromising sovereignty, democracy, security, and societal integrity. The government attributed the cyberespionage activities to APT27, APT30, APT31, and an additional group tracked as Gallium, Softcell, or UNSC 2814, urging China to adhere to international norms and address malicious cyber operations originating from its territory. Chinese officials denied involvement, characterizing the accusations as baseless and irresponsible due to the absence of provided evidence, while Belgium maintained the attribution based on detected malicious activities against both ministries.
Description
On July 19, 2022, Belgium’s Minister for Foreign Affairs publicly disclosed that multiple Chinese state-backed advanced persistent threat (APT) groups had conducted cyberattacks targeting the country’s Federal Public Service Interior (FPS Interior) and Belgian Defence. The government attributed these malicious activities to APT27, APT30, APT31, and an additional group tracked under the aliases Gallium, Softcell, and UNSC 2814. The attacks were characterized as significantly impacting Belgium’s sovereignty, democracy, security, and broader society, though specific technical details regarding intrusion methods, compromised systems, or stolen data were not disclosed in the public statement. Belgian authorities explicitly linked APT27, APT30, and APT31 to the intrusion against the FPS Interior, while associating the Gallium/Softcell/UNSC 2814 collective with the attack on Belgian Defence. The government emphasized its assessment that these operations originated from China and called on Chinese authorities to adhere to United Nations-endorsed norms of responsible state behavior in cyberspace, urging concrete action to prevent further malicious activity emanating from its territory.

The Chinese Embassy in Belgium immediately rejected the allegations, issuing a statement denouncing the Belgian government’s claims as “extremely unserious and irresponsible” due to an asserted absence of evidence. Chinese officials criticized Belgium for refusing to provide factual substantiation while simultaneously making what they characterized as unfounded accusations designed to tarnish China’s reputation. This incident followed prior cybersecurity industry reports linking APT27—one of the groups Belgium implicated—to earlier campaigns, including June 2022 compromises of telecommunications companies and March 2021 exploits targeting unpatched Microsoft Exchange servers. Belgium’s public attribution represented a formal diplomatic escalation, though no ancillary technical indicators, remediation steps, or specific operational disruptions beyond the broad impacts on national security and governance were detailed in the available public record. The Belgian government did not disclose whether the attacks were ongoing at the time of disclosure or whether containment measures had been implemented.
