Security Experts:

Belgium Says Chinese APTs Targeted Interior, Defense Ministries

Belgium on Monday accused Chinese state-sponsored hackers of launching cyberattacks against its interior and defense ministries.

Belgium noted in a statement that it has detected cyber intrusions from hacking groups tracked as APT27, APT30, APT31, and Gallium.

“We have detected malicious cyber activities that targeted the FPS Interior. These activities can be linked to the hacker groups known as Advanced Persistent Threat 27, Advanced Persistent Threat 30, Advanced Persistent Threat 31. We have detected malicious cyber activities that targeted the Belgian Defence. These activities can be linked to the hacker groups known as UNSC 2814/GALLIUM/SOFTCELL,” Belgium said on Monday.

In their statement, Belgium also urged China to adhere to “the norms of responsible state behaviour as endorsed by all UN member states,” to start preventing malicious cyber activities out of its territories, and to take the necessary measures to “detect, investigate and address the situation.”

In a statement issued as response, the Chinese Embassy in Belgium denied the accusations, claiming that there’s no evidence of the mentioned malicious activities and that the accusations denigrate China.

The statement also claimed that, in fact, China is itself a victim of cyberattacks, some of which have “undermined national security, socio-economic development, and people's normal production and life.”

Also tracked as LuckyMouse, Bronze Union, and Threat Group 3390, APT27 has been active for more than a decade, targeting hundreds of organizations worldwide, for cyberespionage, information theft, and dissident tracking.

Initially detailed in 2015, APT30 is believed to have been active since at least 2005, conducting cyberespionage operations on behalf of the Chinese government. Its targets have included media outlets, journalists, and entities holding information related to territorial disputes, as well as economic, military, and political issues.

Also known as Zirconium, Judgment Panda and Red Keres, APT31 is another cyberespionage group known to be sponsored by the Chinese government. Previously, it was observed targeting political figures, government entities, contractors and service providers in Europe.

Also engaging in cyberespionage, Gallium (also tracked as Softcell and UNSC 2814) was recently seen targeting telecoms, government, and financial organizations.

Related: Chinese Cyberespionage Group Starts Using New 'PingPull' Malware

Related: Google Blocks Chinese Phishing Campaign Targeting U.S. Government

Related: Ransomware Attacks Linked to Chinese Cyberspies

view counter