
Cyber Incident Victim: Kingdom of Belgium

Date: Oct 2023

Location: Belgium

Summary

Several Belgian public service websites, including those of the federal finance department and the Royal Palace, experienced disruptions due to DDoS attacks, rendering them temporarily inaccessible. The attacks coincided with announcements of political support for Ukraine, with hackers replacing homepage content with messages criticizing military aid commitments. Cybersecurity authorities linked the incidents to dark web posts targeting entities opposing Russian interests, though no group formally claimed responsibility. While no data breaches or permanent content alterations occurred, the attacks aimed to disrupt operations as a form of protest. Monitoring by the national cybersecurity center detected target lists beforehand, but attackers adapted tactics to bypass defenses, reflecting a pattern of retaliatory cyber activity following geopolitical statements on Ukraine.


Description

On October 11, 2023, multiple Belgian federal government websites experienced distributed denial-of-service (DDoS) attacks, rendering them temporarily inaccessible. Affected entities included the websites of the Royal Palace, the Prime Minister’s office, and the Senate. Attackers replaced homepage content with a message referencing Belgium’s pledge to supply F-16 fighter jets to Ukraine by 2025, stating, "We come to Belgium to destroy Russia-hostile sites." The Center for Cybersecurity Belgium (CCB) confirmed these disruptions occurred amid a pattern of cyberattacks linked to international conflicts, particularly following announcements of military support for Ukraine. Dark web posts prior to the attacks listed targeted websites, aligning with those compromised, though no group formally claimed responsibility. CCB Director Miguel De Bruycker described an ongoing "cat-and-mouse game" as attackers shifted tactics whenever defenses countered their methods. The CCB had monitored these threats proactively, including dark web activity, and possessed the target list before attacks commenced. Technical analysis by UCLouvain cybersecurity professor Axel Legay likened the DDoS mechanism to overwhelming a ticket counter with excessive demand, paralyzing normal operations. No data theft or permanent alteration of website content occurred, with disruptions solely intended to hinder access.


A second wave of attacks occurred on October 15, 2023, again targeting Belgian public services, including the SPF Finances and the Royal Palace website. The SPF Finances acknowledged the incident via social media as a "hacker attack," while the Royal Palace site remained intermittently inaccessible. These disruptions mirrored the October 11 incidents in methodology and motivation, reinforcing the CCB’s assessment of attacks as retaliatory measures against Belgium’s Ukraine policy. By October 15, services appeared restored, though the CCB cautioned that threats persisted due to attackers’ adaptive strategies. The incidents caused no reported data breaches or system compromises beyond temporary unavailability, with attackers focusing on operational disruption rather than data exfiltration or destructive payloads. Cybersecurity authorities maintained continuous monitoring and threat intelligence sharing throughout both attack phases, emphasizing preparedness against predictable retaliation cycles following geopolitical announcements. Historical context provided by the CCB noted similar DDoS campaigns globally after nations declared military aid to Ukraine, underscoring the incident’s alignment with established threat actor behavior patterns.
