Belgium Investigates Alleged Cyberattack on Intelligence Agency by China-Linked Hackers | Techcrunch
The Belgian federal prosecutor's office is investigating a cyberattack on its state security service (VSSE) by Chinese government hackers, who exploited a vulnerability in US cybersecurity firm Barracuda's software to access VSSE's email server. The hackers gained unauthorized access to the external mail server of the intelligence service between 2021 and 2023, potentially exposing sensitive corporate data. The breach also compromised personal data of almost half of VSSE's employees.
The use of zero-day exploits by state-sponsored actors like China-backed hackers highlights the increasing sophistication and aggression of cyber threats in the global landscape.
What measures should governments and private organizations take to mitigate the risk of similar breaches, particularly given the ever-evolving nature of cybersecurity threats?
The Department of Justice has criminally charged 12 Chinese nationals for their involvement in hacking over 100 US organizations, including the Treasury, with the goal of selling stolen data to China's government and other entities. The hackers used various tactics, including exploiting email inboxes and managing software, to gain access to sensitive information. China's government allegedly paid "handsomely" for the stolen data.
The sheer scale of these hacks highlights the vulnerability of global networks to state-sponsored cyber threats, underscoring the need for robust security measures and cooperation between nations.
What additional steps can be taken by governments and private companies to prevent similar hacks in the future, particularly in industries critical to national security?
The U.S. government has indicted a slew of alleged Chinese hackers, sanctioned a Chinese tech company, and offered a $10 million bounty for information on a years-long spy campaign that targeted victims across America and around the world. The indictment accuses 10 people of collaborating to steal data from their targets, including the U.S. Defense Intelligence Agency, foreign ministries, news organizations, and religious groups. The alleged hacking scheme is believed to have generated significant revenue for Chinese intelligence agencies.
The scale of this operation highlights the need for international cooperation in addressing the growing threat of state-sponsored cyber espionage, which can compromise national security and undermine trust in digital systems.
As governments around the world seek to counter such threats, what measures can be taken to protect individual data and prevent similar hacking schemes from emerging?
The Justice Department has indicted 12 Chinese nationals for their involvement in a hacking operation that allegedly sold sensitive data of US-based dissidents to the Chinese government, with payments reportedly ranging from $10,000 to $75,000 per hacked email account. This operation, described as state-sponsored, also extended its reach to US government agencies and foreign ministries in countries such as Taiwan, India, South Korea, and Indonesia. The charges highlight ongoing cybersecurity tensions and the use of cyber mercenaries to conduct operations that undermine both national security and the privacy of individuals critical of the Chinese government.
The indictment reflects a growing international concern over state-sponsored cyber activities, illustrating the complexities of cybersecurity in a globally interconnected landscape where national sovereignty is increasingly challenged by digital intrusions.
What measures can countries take to better protect their citizens and institutions from state-sponsored hacking, and how effective will these measures be in deterring future cyber threats?
The US Department of Justice has announced charges against 12 Chinese hackers accused of targeting over 100 American companies, including the US Treasury. These individuals allegedly played a "key role" in recent cyberattacks and were linked to state-sponsored hacking groups, exploiting vulnerabilities in enterprise software. The DoJ also brought charges against eight individuals from organization Anxum Information Technology Co., Ltd., which was reportedly paid by Chinese authorities for its services.
This brazen attempt by the Chinese government to silence dissenting voices through cyberattacks raises serious questions about the accountability of governments for their citizens' online freedoms.
Will the US government's decision to offer a $10 million reward for information on these hackers lead to increased international cooperation in bringing them to justice, or will it remain a token gesture?
Microsoft's Threat Intelligence has identified a new tactic from Chinese threat actor Silk Typhoon towards targeting "common IT solutions" such as cloud applications and remote management tools in order to gain access to victim systems. The group has been observed attacking a wide range of sectors, including IT services and infrastructure, healthcare, legal services, defense, government agencies, and many more. By exploiting zero-day vulnerabilities in edge devices, Silk Typhoon has established itself as one of the Chinese threat actors with the "largest targeting footprints".
The use of cloud applications by businesses may inadvertently provide a backdoor for hackers like Silk Typhoon to gain access to sensitive data, highlighting the need for robust security measures.
What measures can be taken by governments and private organizations to protect their critical infrastructure from such sophisticated cyber threats?
The Department of Justice has announced criminal charges against 12 Chinese government-linked hackers who are accused of hacking more than 100 American organizations, including the U.S. Treasury, over the course of a decade. The charged individuals all played a “key role” in China’s hacker-for-hire ecosystem, targeting organizations for the purposes of “suppressing free speech and religious freedoms.” The Justice Department has also confirmed that two of the indicted individuals are linked to the China government-backed hacking group APT27.
The scope of this international cybercrime network highlights the vulnerability of global networks to state-sponsored threats, underscoring the need for robust cybersecurity measures in the face of evolving threat actors.
Will the revelations about these hackers-for-hire expose vulnerabilities in critical infrastructure that could be exploited by nation-state actors in future attacks?
Amnesty International has uncovered evidence that a zero-day exploit sold by Cellebrite was used to compromise the phone of a Serbian student who had been critical of the government, highlighting a campaign of surveillance and repression. The organization's report sheds light on the pervasive use of spyware by authorities in Serbia, which has sparked international condemnation. The incident demonstrates how governments are exploiting vulnerabilities in devices to silence critics and undermine human rights.
The widespread sale of zero-day exploits like this one raises questions about corporate accountability and regulatory oversight in the tech industry.
How will governments balance their need for security with the risks posed by unchecked exploitation of vulnerabilities, potentially putting innocent lives at risk?
Polish cybersecurity services have detected unauthorized access to the Polish Space Agency's (POLSA) IT infrastructure, Minister for Digitalisation Krzysztof Gawkowski said on Sunday. The incident has raised concerns about national security and the potential vulnerability of critical government systems. Authorities are working to identify the source of the attack and take corrective measures to prevent future breaches.
The cyberattack highlights the growing threat of state-sponsored hacking, as Poland's accusations against Russia suggest a possible link between Moscow's alleged attempts to destabilise the country.
How will this incident affect trust in government agencies' ability to protect sensitive information and ensure national security in an increasingly digital world?
POLSA is investigating a suspected cyberattack that has disrupted its services. The Polish government agency responsible for the country's space activities had immediately disconnected its network from the internet after detecting the cyberattack on Sunday, but its website remains offline at present. POLSA is working to identify who was behind the attack and restore its services as soon as possible.
This incident highlights the vulnerability of critical infrastructure in Poland, which has been consistently targeted by state-sponsored hacking groups such as APT28.
How will this cyberattack impact Poland's efforts to develop its space program and cooperate with international partners on space-related initiatives?
Amnesty International said that Google fixed previously unknown flaws in Android that allowed authorities to unlock phones using forensic tools. On Friday, Amnesty International published a report detailing a chain of three zero-day vulnerabilities developed by phone-unlocking company Cellebrite, which its researchers found after investigating the hack of a student protester’s phone in Serbia. The flaws were found in the core Linux USB kernel, meaning “the vulnerability is not limited to a particular device or vendor and could impact over a billion Android devices,” according to the report.
This highlights the ongoing struggle for individuals exercising their fundamental rights, particularly freedom of expression and peaceful assembly, who are vulnerable to government hacking due to unpatched vulnerabilities in widely used technologies.
What regulations or international standards would be needed to prevent governments from exploiting these types of vulnerabilities to further infringe on individual privacy and security?
A massive cybercriminal campaign has been discovered utilizing outdated and vulnerable Windows drivers to deploy malware against hundreds of thousands of devices. The attackers leveraged a signed driver, allowing them to disable antivirus programs and gain control over infected machines. This campaign is believed to be linked to the financially motivated group Silver Fox, which is known for its use of Chinese public cloud servers.
This type of attack highlights the importance of keeping drivers up-to-date, as even seemingly secure software can be compromised if it's not regularly patched.
As the cybersecurity landscape continues to evolve, how will future attacks on legacy systems and outdated software drive innovation in the development of more robust security measures?
Disa, an American employee screening company, has suffered a significant cyberattack, resulting in the loss of sensitive customer data. The breach, which occurred over two months ago, affected approximately 3.3 million individuals, including their payment information and government-issued identification documents. The company's investigation revealed that hackers had accessed its network since February 9, although it is unclear how they managed to infiltrate the system.
The scale of this breach highlights the vulnerability of even large organizations in the face of sophisticated cyber threats, underscoring the need for robust security measures and incident response planning.
How will regulatory bodies, such as the Federal Trade Commission (FTC), ensure that companies like Disa are held accountable for their data handling practices and provide adequate protection to their customers?
The Polish Space Agency (POLSA) has confirmed it suffered a cyberattack that compromised its email systems, forcing it to shut down its IT infrastructure. The attack appears to be an email compromise, with insiders suggesting that relevant authorities have been notified and the agency is analyzing the situation. POLSA's machines were disconnected from the internet as part of the incident.
The sophistication of this attack highlights the evolving nature of cyber threats, where attackers are increasingly targeting specific vulnerabilities in organizational systems.
Will the experience of POLSA serve as a warning to other organizations in the space industry, which may be more susceptible to similar types of attacks due to their reliance on complex networks and data transmission?
The modern-day cyber threat landscape has become increasingly crowded, with Advanced Persistent Threats (APTs) becoming a major concern for cybersecurity teams worldwide. Group-IB's recent research points to 2024 as a 'year of cybercriminal escalation', with a 10% rise in ransomware compared to the previous year, and a 22% rise in phishing attacks. The "Game-changing" role of AI is being used by both security teams and cybercriminals, but its maturity level is still not there yet.
This move signifies a growing trend in the beauty industry where founder-led companies are reclaiming control from outside investors, potentially setting a precedent for similar brands.
How will the dynamics of founder ownership impact the strategic direction and innovation within the beauty sector in the coming years?
Europol has arrested 25 individuals involved in an online network sharing AI-generated child sexual abuse material (CSAM), as part of a coordinated crackdown across 19 countries lacking clear guidelines. The European Union is currently considering a proposed rule to help law enforcement tackle this new situation, which Europol believes requires developing new investigative methods and tools. The agency plans to continue arresting those found producing, sharing, and distributing AI CSAM while launching an online campaign to raise awareness about the consequences of using AI for illegal purposes.
The increasing use of AI-generated CSAM highlights the need for international cooperation and harmonization of laws to combat this growing threat, which could have severe real-world consequences.
As law enforcement agencies increasingly rely on AI-powered tools to investigate and prosecute these crimes, what safeguards are being implemented to prevent abuse of these technologies in the pursuit of justice?
The Singaporean government has revealed that servers involved in a recent fraud case may have contained Nvidia's advanced chips, supplied by U.S. firms Dell Technologies and Super Micro Computer before being sent to Malaysia. The move raises concerns about the potential misuse of these chips by the Chinese company DeepSeek, which was at the center of the alleged chip movement scandal. Authorities are now investigating the case independently, with Singapore asking the US authorities if the servers contained U.S. export control items.
This revelation underscores the global nature of technological supply chains and the need for closer monitoring to prevent sensitive information from falling into the wrong hands.
Will the investigation into Nvidia's role in this scandal lead to greater scrutiny of U.S. tech companies' exports to countries with strict export controls?
Servers used in a fraud case that Singapore announced last week were supplied by U.S. firms and may have contained Nvidia's advanced chips, a government minister said on Monday. Three men, including a Chinese national, were charged with fraud last week in Singapore, with domestic media linking the case to the transfer of Nvidia's AI chips from Singapore to Chinese artificial intelligence firm DeepSeek. The servers involved in the case were supplied by Dell Technologies and Super Micro Computer to Singapore-based companies before they were sent to Malaysia.
The involvement of U.S. firms in the supply chain highlights the complexities of global trade and the ease with which sensitive technologies can be diverted for illicit purposes.
What role will international cooperation play in uncovering the full extent of Nvidia's AI chips being smuggled into China, and how might this impact global efforts to combat organized smuggling?
US lawmakers have raised national security concerns in letters to top Chinese telecom companies, China Mobile, China Telecom, and China Unicom, citing the potential for these firms to exploit access to American data through their U.S. cloud and internet businesses. The lawmakers are seeking details on any links between the companies and the Chinese military and government by March 31, amid concerns about unauthorized data access, espionage, or sabotage. National security experts have warned that China Telecom's operations in the US could pose a significant risk to American telecommunications networks.
The growing bipartisan concern over Chinese telecoms' U.S. footprint raises questions about the effectiveness of current regulations and the need for stricter oversight to protect national security.
How will the ongoing scrutiny of Chinese telecoms impact their ability to provide essential services, such as cloud computing and internet routing, in the US without compromising American data security?
Former top U.S. cybersecurity official Rob Joyce warned lawmakers on Wednesday that cuts to federal probationary employees will have a "devastating impact" on U.S. national security. The elimination of these workers, who are responsible for hunting and eradicating cyber threats, will destroy a critical pipeline of talent, according to Joyce. As a result, the U.S. government's ability to protect itself from sophisticated cyber attacks may be severely compromised. The probe into China's hacking campaign by the Chinese Communist Party has significant implications for national security.
This devastating impact on national security highlights the growing concern about the vulnerability of federal agencies to cyber threats and the need for proactive measures to strengthen cybersecurity.
How will the long-term consequences of eliminating probationary employees affect the country's ability to prepare for and respond to future cyber crises?
Singaporean authorities have cracked down on alleged smugglers of advanced Nvidia chips, arresting three individuals accused of diverting restricted technology to Malaysia. The investigation revolves around servers containing Nvidia components, allegedly supplied by Dell and Supermicro, raising concerns about China's attempts to circumvent US export controls. As the global semiconductor industry faces increasing scrutiny, Singapore's actions may signal a growing willingness to take action against illicit activities.
This incident highlights the ongoing cat-and-mouse game between nations seeking to acquire advanced technologies and those enforcing strict export controls, underscoring the need for robust cybersecurity measures.
What role will international cooperation play in preventing the diversion of restricted technology, particularly as China continues to push the boundaries of US export control regulations?
Aviation firms in the United Arab Emirates (UAE) were recently targeted by a highly sophisticated business email compromise (BEC) attack looking to deploy advanced malware. The attackers used a compromised email account to share polyglot files with their victims, which deployed a hidden backdoor against aviation firms. Cybersecurity researchers Proofpoint observed that these attacks started in late 2024 and target organizations with a distinct interest in aviation and satellite communications.
This highly targeted attack highlights the evolving nature of cyber threats, where attackers are leveraging sophisticated tactics like polyglot files to evade traditional detection mechanisms.
How will the increasing use of polyglot malware impact the ability of cybersecurity professionals to detect and prevent similar attacks in the future?
Vishing attacks have skyrocketed, with CrowdStrike tracking at least six campaigns in which attackers pretended to be IT staffers to trick employees into sharing sensitive information. The security firm's 2025 Global Threat Report revealed a 442% increase in vishing attacks during the second half of 2024 compared to the first half. These attacks often use social engineering tactics, such as help desk social engineering and callback phishing, to gain remote access to computer systems.
As the number of vishing attacks continues to rise, it is essential for organizations to prioritize employee education and training on recognizing potential phishing attempts, as these attacks often rely on human psychology rather than technical vulnerabilities.
With the increasing sophistication of vishing tactics, what measures can individuals and organizations take to protect themselves from these types of attacks in the future, particularly as they become more prevalent in the digital landscape?
A global crackdown on a criminal network that distributed artificial intelligence-generated images of children being sexually abused has resulted in the arrest of two dozen individuals, with Europol crediting international cooperation as key to the operation's success. The main suspect, a Danish national, operated an online platform where users paid for access to AI-generated material, sparking concerns about the use of such tools in child abuse cases. Authorities from 19 countries worked together to identify and apprehend those involved, with more arrests expected in the coming weeks.
The increasing sophistication of AI technology poses new challenges for law enforcement agencies, who must balance the need to investigate and prosecute crimes with the risk of inadvertently enabling further exploitation.
How will governments respond to the growing concern about AI-generated child abuse material, particularly in terms of developing legislation and regulations that effectively address this issue?
A Barcelona court has ruled that two NSO Group co-founders and a former executive of two affiliate companies can be charged as part of an investigation into the alleged hacking of Catalan lawyer Andreu Van den Eynde. The ruling marks an important legal precedent in Europe's fight against spyware espionage, with Iridia spokesperson Lucía Foraster Garriga stating that the individuals involved will now be held personally accountable in court. The charges stem from a complaint filed by Barcelona-based human rights nonprofit Iridia, which initially requested the judge charge NSO Group executives, but had its request initially rejected.
This ruling highlights the growing global scrutiny of spyware companies and their executives, potentially leading to increased regulation and accountability measures.
Will this precedent be replicated in other countries, and how will it impact the broader development of international laws and standards for cybersecurity and espionage?
Microsoft has confirmed that its Windows drivers and software are being exploited by hackers through zero-day attacks, allowing them to escalate privileges and potentially drop ransomware on affected machines. The company patched five flaws in a kernel-level driver for Paragon Partition Manager, which were apparently found in BioNTdrv.sys, a piece of software used by the partition manager. Users are urged to apply updates as soon as possible to secure their systems.
This vulnerability highlights the importance of keeping software and drivers up-to-date, as outdated components can provide entry points for attackers.
What measures can individuals take to protect themselves from such attacks, and how can organizations ensure that their defenses against ransomware are robust?