Cyber Incident Victim: Kingdom of Belgium
Date: Jul 2022
Location: Belgium
Summary
The Belgian Government reported malicious cyber activities targeting its Federal Public Service Interior and Defence, attributed to Chinese state-linked Advanced Persistent Threat groups APT27, APT30, APT31, and UNC2814/GALLIUM/SOFTCELL. These attacks significantly compromised national sovereignty, democratic processes, security infrastructure, and societal stability. Belgian authorities denounced the operations as violations of UN-endorsed norms for responsible state behavior in cyberspace, urging Chinese officials to prevent such activities from originating within their territory. The government reaffirmed its commitment to international cooperation through enhanced information sharing, cyber resilience initiatives, and diplomatic engagement with European partners to strengthen collective defense against malicious cyber operations.
Description
In July 2022, the Belgian government publicly disclosed a series of malicious cyber activities targeting critical national institutions, attributing the attacks to Chinese state-sponsored threat actors. The Federal Public Service (FPS) Interior and the Belgian Defence were confirmed as primary targets, with intrusions linked to distinct Advanced Persistent Threat (APT) groups. Activities against the FPS Interior were associated with APT27, APT30, and APT31, while operations targeting Belgian Defence infrastructure were traced to UNC2814 (also identified as GALLIUM or SOFTCELL). These coordinated campaigns significantly impacted Belgium’s sovereignty, democratic processes, national security, and societal stability. The Belgian government characterized the incidents as violations of established international norms for responsible state behavior in cyberspace, specifically referencing principles endorsed by all United Nations member states. No specific technical details regarding attack vectors, data exfiltration, or operational disruptions were disclosed in the public declaration.

The Belgian Minister for Foreign Affairs issued a formal condemnation of the attacks, directly urging Chinese authorities to investigate and halt malicious cyber operations originating from their territory. Belgium emphasized the necessity for China to adhere to international cyber norms and take concrete measures to prevent its infrastructure from being exploited for such activities. In response to the incidents, Belgium reaffirmed its commitment to fostering a secure global cyberspace through multilateral cooperation, advocating for the establishment of a UN-led Programme of Action to promote responsible state behavior. The government pledged enhanced collaboration with European and international partners, focusing on intelligence sharing, diplomatic engagement, and bolstering collective cyber resilience. Additional priorities included improving software supply chain security and strengthening incident response capabilities across public and private sectors. The declaration underscored Belgium’s resolve to counter malicious cyber operations while maintaining diplomatic channels to address state-sponsored threats.
