Cyber Incident Victim: Belnet
Date:
May 2021
Location:
Belgium
Summary
A massive DDoS attack targeted Belnet, a government internet service provider, disrupting connectivity for over 200 Belgian government organizations, including parliament, ministries, educational institutions, and research centers. The attack crippled critical public services such as tax filing systems, remote learning platforms, and the COVID-19 vaccine reservation portal, while also forcing parliamentary committee cancellations due to failed streaming capabilities—notably impacting a scheduled Foreign Affairs Committee session coinciding with testimony on Uyghur labor camps. Operational disruptions persisted throughout the incident, though no attribution was confirmed during the ongoing attack response.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On May 4, 2021, a large-scale distributed denial of service (DDoS) attack disrupted Belgium’s government IT infrastructure by targeting Belnet, a government-funded internet service provider. The attack began around midday and caused widespread outages affecting internal systems and public-facing services for over 200 organizations reliant on Belnet’s network. Impacted entities included federal ministries, the Belgian Parliament, universities, research centers, and educational institutions. Critical public services such as My Minfin—the official portal for tax filings and administrative forms—were rendered inaccessible. Remote learning platforms used by schools and universities also experienced disruptions, hampering educational activities. Belgium’s COVID-19 vaccine reservation system, hosted on Belnet infrastructure, went offline during the attack, further complicating pandemic response efforts. The Belgian Justice Department confirmed network disruptions but did not specify operational impacts. Belnet worked to mitigate the attack throughout the day, though services remained unstable during the incident.
The attack significantly disrupted parliamentary operations, forcing the cancellation of most committee meetings due to connectivity failures. Only the Finance and Foreign Relations committees proceeded with scheduled sessions before IT issues escalated. Notably, the Foreign Affairs Committee had been preparing to hear testimony from a survivor of China’s Uyghur forced labor camps when the attack commenced. Multiple politicians and observers, including MP Wouter De Vriendt and analyst Thomas Renard, highlighted the timing coincidence on social media, though no official link was established. Streaming capabilities for remote parliamentary participation failed, halting legislative activities. Neither Belnet nor government agencies attributed the attack to any actor, citing the ongoing nature of the incident and the need for investigation. The DDoS attack underscored the vulnerability of centralized government networks, with recovery efforts and forensic analysis continuing beyond the initial outage period.