Belgium has launched an investigation into an alleged data breach of its state security service (VSSE) by Chinese government hackers, according to a statement from the Belgian federal prosecutor's office. The probe was opened in November 2023 after authorities learned about the suspected cyberattack.

The investigation confirms an earlier report by the French-language Belgian newspaper Le Soir, which claimed that a Chinese hacking group gained unauthorized access to the external mail server of the VSSE between 2021 and 2023. The hackers allegedly exploited a critical-rated vulnerability in US cybersecurity firm Barracuda's Email Security Gateway (ESG) appliance, a firewall designed to filter inbound and outbound emails for potentially malicious content.

The vulnerability, which was first disclosed by Barracuda in May 2023, could allow hackers to exfiltrate sensitive corporate data. Security researchers at US cybersecurity firm Mandiant previously reported that the vulnerability had been exploited as a zero-day by a China-backed cyberespionage group to target organizations worldwide. Almost a third of the target organizations were government agencies, according to Mandiant.

Although a patch was released for the vulnerability, Barracuda urged all affected customers to replace ESG appliances impacted by the flaw in June 2023. The company also advised customers to rotate any credentials connected to the appliances and to check for signs of compromise dating back to at least October 2022. However, Barracuda spokesperson Lesley Sullivan declined to comment on the alleged breach, stating that "questions regarding any breaches at VSSE are more appropriately directed to VSSE."

VSSE did not respond to requests for comment, but according to Le Soir, the China-backed hackers exploited the Barracuda flaw to exfiltrate 10% of the Belgian intelligence service's incoming and outgoing emails. While classified information was not affected, the personal data of almost half of VSSE's employees was accessed, including identity documents, resumes, and internal communications.

The reported cyberattack has significant implications for the security of government agencies and organizations worldwide. The fact that a Chinese hacking group was able to exploit a vulnerability in a US-based cybersecurity firm's software highlights the complexity and interconnectedness of global cybersecurity threats.

In response to the breach, VSSE reportedly discontinued its use of Barracuda's products following the cyberattack, which was first reported by local media in July 2023. The incident serves as a stark reminder of the need for organizations to remain vigilant and proactive in protecting their sensitive data and systems from increasingly sophisticated cyber threats.

As the investigation continues, it remains to be seen what further details will emerge about the alleged breach and the extent of the damage. However, one thing is clear: the incident underscores the critical importance of robust cybersecurity measures and international cooperation in the face of escalating global cyber threats.