<ul><li>Chinese hackers have breached Belgium's State Security Service (VSSE), stealing 10% of emails between 2021 and May 2023.</li><li>Investigators are looking into the security breach by China-linked threat actors on the VSSE.</li><li>The hackers exploited a vulnerability in the Barracuda Email Security Gateway Appliance used by VSSE and others.</li><li>10% of the VSSE's incoming and outgoing emails were compromised, exposing personal data of staff and applicants.</li><li>No classified information was affected, and no stolen data has been found on the dark web.</li><li>The Chinese embassy in Belgium has not yet commented on the accusation.</li><li>Mandiant researchers linked China-linked threat actors to similar attacks exploiting the Barracuda ESG zero-day vulnerability globally.</li><li>Barracuda warned customers of the zero-day flaw (CVE-2023-2868) exploited in May and provided patches.</li><li>The flaw was exploited to deploy malware providing persistent backdoor access.</li><li>The attackers used malware families like SALTWATER, SEASPY, and SEASIDE to exploit the vulnerability.</li></ul>

China-linked threat actors stole 10% of Belgian State Security Service (VSSE)’s staff emails

Discover more