Recent cyberattacks have raised alarms across many industries, with numerous companies falling prey to DDoS attacks and data breaches. A notable case involves a Chinese hacking group that infiltrated the Belgium-based Intelligence and Security Agency (VSSE). According to a recent report, the attack exploited vulnerabilities in the firewall and email security products offered by Barracuda Networks.
The VSSE confirmed the incident in a statement to the Belgian newspaper Le Soir, indicating that unauthorized access to its external email servers occurred between 2021 and 2023. The breach was uncovered in November 2023, leading to an investigation that revealed hackers had taken advantage of a weakness in Barracuda’s security software to exfiltrate sensitive data.
Following the investigation into this serious breach, the VSSE found that the root cause originated from issues within their security protocols. Consequently, in February 2024, the agency decided to terminate its relationship with Barracuda Networks, opting for a new security provider to ensure improved protective measures in the future.
In response to the reports of this breach, Barracuda Networks spokesperson Lesley Sullivan stated that the company could not be held accountable for the incident. Sullivan clarified that it was ultimately the responsibility of the VSSE to maintain the security of its systems, while Barracuda’s role was to provide the necessary tools for effective network security.
From Barracuda’s perspective, the company had already taken steps in May 2023 to resolve the critical vulnerability in its Email Security Gateway (ESG) software, well before the breach was detected. The company emphasized that the vulnerability may have been overlooked by the VSSE’s administrative team. The ESG software is crucial, as it monitors the flow of both incoming and outgoing emails while filtering out malicious threats.
Cybersecurity experts suggest that this breach, attributed to threat actors backed by the Chinese government, gave the attackers unauthorized access to more than 10% of the VSSE’s email traffic. No classified information is known to have been compromised; much of the stolen data consisted of internal communications among the agency’s staff.
The MITRE ATT&CK framework offers a useful lens for the tactics and techniques that may have been used in this attack. Initial access, in which the attackers exploit a vulnerability to gain entry, and persistence techniques that sustain that access over time, could have been significant aspects of the incident. Privilege escalation may also have been used to obtain elevated access, allowing the attackers to move through the network unobstructed.
This breach is a stark reminder that organizations, particularly those in the intelligence and security sectors, must remain vigilant in safeguarding their data assets against increasingly sophisticated cyber threats.