Cyber Incident Victim: Kingdom of Belgium
Date: Jun 2023
Location: Belgium
Summary
Belgian police officers and magistrates were targeted by an advanced spyware infection on their mobile phones. The sophisticated software allowed for complete control of the compromised devices, enabling the extraction of messages, photos, and contacts, as well as the activation of audio and video recording. The devices of an investigating judge, prosecutors, and other personnel were analyzed, with several confirming the presence of the espionage tool following suspicions of spying.
Description
In late 2022 or early 2023, suspicions of espionage emerged within the Belgian justice system, leading to an investigation. The primary concern was that the mobile phones of key personnel had been compromised by a sophisticated spyware tool. Software of this kind grants an attacker complete control over the targeted device. Its capabilities are extensive: it can extract messages, photos and contact lists, including messages sent over end-to-end encrypted services, because end-to-end encryption protects traffic in transit and not content on a compromised endpoint, where the spyware reads it after decryption. It can also remotely activate the phone's microphone and camera to record conversations and the surrounding environment, effectively turning the device into a constant surveillance tool.

In response to these suspicions, a formal and confidential investigative process was initiated. The affected mobile devices were handed over to specialized investigators for forensic examination. The Federal Computer Crime Unit (FCCU), a division of the Belgian federal police dedicated to handling complex cybercrime cases, was tasked with conducting the technical analysis. This unit possesses the expertise required to perform deep forensic examinations on digital devices to uncover traces of malicious software and unauthorized access.
The investigation involved a specific and high-profile group of individuals within Belgium's law enforcement and judicial apparatus. The phones belonging to prosecutors, investigative judges, police officers, and members of judicial staff were subjected to repeated and thorough analysis. This was not a single scan but multiple rounds of detailed forensic testing, intended to confirm initial findings and rule out false positives. The exact number of compromised devices had not been disclosed at the time of reporting.
The results of these forensic analyses, which were conducted over a period of several months leading up to June 2023, confirmed the initial suspicions in several cases. The technical examinations provided evidence suggesting that the devices had indeed been infected with spyware. The individuals whose phones were analyzed were formally notified of the results. Among those informed was the high-profile investigative judge Michel Claise, who was handling several sensitive and complex financial fraud cases. His device was one of those that tested positive for the infection. Other magistrates and police officers were also advised that their phones had returned the same positive result, indicating a targeted campaign against figures within the Belgian justice system.
The Belgian federal police, when approached for comment on the incident, declined to provide any official statement. They cited the extreme sensitivity of the ongoing dossier and referred all inquiries to the federal prosecutor's office, which in turn also declined to comment. This official silence underscores the sensitive nature of an investigation into suspected state-level espionage targeting the core of the country's judicial infrastructure; at the time of reporting, neither the attacker nor the spyware used had been publicly identified.
The immediate impact of this incident is a severe breach of the confidentiality and security that underpin the judicial process. The compromise of devices belonging to judges, prosecutors, and police officers means that a wide array of privileged information was potentially exposed. This includes communications between legal professionals, details on ongoing investigations, strategies for upcoming cases, the identities of sources or witnesses, and evidence gathered in sensitive matters. The ability of the spyware to record conversations means that even verbal, in-person discussions held near the infected phone could have been captured and exfiltrated.
The long-term consequences are profound and extend beyond the immediate data loss. The incident erodes trust within the justice system, as officials must now question the integrity of their primary communication tools. It represents a direct attack on the independence of the judiciary and on the ability of the state to conduct its legal functions without external interference or surveillance. The targeting of a figure like Judge Michel Claise, who was investigating major cases such as the so-called "Qatargate" corruption scandal within the European Parliament, suggests the espionage may have been motivated by a desire to obstruct, or gather intelligence on, high-stakes investigations with significant political ramifications; with no attribution published, this motive remains an inference. The breach necessitates a complete review of security protocols for mobile devices used by government and judicial officials, which is likely to lead to operational changes and potentially the withdrawal of certain technologies from use. The incident remains under investigation by the FCCU, with no public details available regarding the attribution of the attack or the specific spyware variant used.
