The Belgacom hack was the work of the UK GCHQ intelligence agency

A Belgian newspaper reported that investigators had found proof that the Belgacom hack was the work of the UK GCHQ intelligence agency.

Back in September 2013, Belgacom (now Proximus), the largest telecommunications company in Belgium and primarily state-owned, announced that its IT infrastructure had suffered a malware-based attack.

Here we are again to speak about this incident after the Belgian newspaper De Standaard provided more details from a Belgian judicial investigation into the alleged involvement of the British GCHQ.

Many experts linked the Regin malware to the Five Eyes alliance; they found alleged references to the super spyware in a number of presentations leaked by Edward Snowden. According to malware researchers, it has been used in targeted attacks against government agencies in the EU and the Belgian telecoms company Belgacom.

According to Snowden, the UK’s signals intelligence agency hacked into the Belgian telco to spy on private communications in transit through its infrastructure.

This week the Belgian newspaper De Standaard reported that investigators had found proof that the hack “was the work of the GCHQ, an intelligence service of ally Great Britain”.

“This can all be read in a confidential report from the federal prosecutor’s office that the National Security Council discussed at the beginning of this week,” reported De Standaard.

The newspaper also states that federal prosecutors found evidence of UK intelligence involvement in the hack that is not related to the Snowden revelations.

“Specifically, these are IP addresses of computers where the spyware software communicated from Belgacom. Three of those addresses were owned by a British company, indicating that the spy software manager is in Great Britain,” continues the newspaper.

The newspaper added that the British Home Office refused to co-operate with the investigation.

If confirmed, the situation is disconcerting: the UK was spying, along with other members of the Five Eyes, on a telco belonging to a member of the NATO alliance.

The investigation revealed that the malware-based attack was conducted by GCHQ and code-named Operation Socialist.

The attack took place between 2000 and early 2010; the hackers targeted company admins with spear-phishing attacks aimed at infecting their machines.

Attackers infected at least three Belgian techies’ machines and used them as entry points into Belgacom’s networks, then they infected more than 5,000 machines.

“A GCHQ document reviewing operations conducted between January and March 2011 noted that the hack on Belgacom was successful, and stated that the agency had obtained access to the company’s systems as planned. By installing the malware on the engineers’ computers, the spies had gained control of their machines, and were able to exploit the broad access the engineers had into the networks for surveillance purposes,” wrote The Intercept.

“The document stated that the hacking attack against Belgacom had penetrated ‘both deep into the network and at the edge of the network,’ adding that ongoing work would help ‘further this new access.’”

GCHQ targeted the Belgacom International Carrier Services mainly because it handled a large amount of Middle Eastern roaming traffic.

Pierluigi Paganini

(Security Affairs – Belgacom, GCHQ)
