Cyber Incident Victim: Antwerp
Date:
Oct 2024
Location:
Belgium
Summary
A pro-Russian hacker group known as NoName057 conducted distributed denial-of-service (DDoS) attacks against multiple Belgian municipal and port websites, including those of Antwerp and Zeebrugge, causing temporary outages. The collective claimed responsibility via Telegram, citing retaliation for Belgium's planned military support to Ukraine and labeling the country as "Russophobic." Cybersecurity authorities confirmed the attacks caused service disruptions but assessed them as non-dangerous, characterizing them as typical volumetric overload attempts. The group additionally threatened to target Belgium's upcoming local elections, indicating intent to disrupt the voting process. This marked the second wave of attacks within two days, following prior incidents against provincial government websites.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On October 7, 2024, pro-Russian hacker collective NoName057 conducted distributed denial-of-service (DDoS) attacks against Belgian municipal and port authority websites, marking their second offensive against Belgian digital infrastructure in two days. The group announced targets including the municipalities of Sint-Genesius-Rode and Linkebeek, along with the ports of Antwerp and Zeebrugge, via their Telegram channel at 8:44 AM local time. This followed an October 6 attack that temporarily disrupted provincial government websites. The Centre for Cybersecurity Belgium (CCB) confirmed the technical nature of these attacks as volumetric DDoS incidents, where attackers overwhelm servers with artificial traffic to cause service disruptions. While the attacks rendered targeted websites temporarily inaccessible to legitimate users, the CCB assessed they posed no critical danger beyond temporary availability issues. No data breaches, malware deployments, or persistent system compromises were reported. Service restoration timelines for affected entities were not disclosed in available reporting.
The attackers explicitly linked both campaigns to Belgium's military support for Ukraine, referencing a pending government proposal to transfer Caesar artillery systems to Ukrainian forces. In Telegram statements, NoName057 condemned Belgium as "Russophobic" and framed the attacks as retaliation for backing what they termed "the criminal regime in Kyiv." The group further threatened to disrupt Belgium's October 13 local elections, explicitly referencing the scheduled municipal council votes in their messaging. NoName057's public claims did not specify planned election-related targets or attack methodologies beyond the established DDoS pattern. Belgian cybersecurity authorities did not publicly detail defensive measures taken during or after the incidents beyond characterizing the attacks' limited technical impact. The Port of Antwerp, a strategic European logistics hub, experienced no operational disruptions to physical port activities according to available information, with impacts confined to web service availability.