Did Microsoft let the Belgian government down? The entire computer system of the federal home affairs ministry in Belgium was subject to a full, complicated cyber-attack as far back as April 2019, with all fingers pointing to China, according to Belgian daily De Standaard.
Unlike many other cyber-attacks, this one was clearly aimed at the collection of information rather than money. The ministry is one of the central links in Belgium’s whole system of government, in charge of the population register, election management, police databases, crisis management and so on.
Attribution of these attacks to any state is somewhat problematic, both technically and legally speaking. First, many nation-state actors purposely hire foreign cyber mercenaries who have no connections with their countries. Oftentimes, they deal via so-called brokerage, making attribution even harder by placing hacking orders with trusted intermediaries who later hire and pay the attackers.
The latter, meanwhile, commonly try to mislead possible forensic investigation of the intrusion by copying attack patterns of known hacking groups or, among other things, by stealing data that they don’t really need but want to exfiltrate as if it were the primary target of the attack.
Worse, even once an attack is attributed and proven, the current mechanics of international law are toothless to prosecute a foreign nation. Interestingly, comments from Microsoft indirectly suggest that the victim was aware of the critical 0day vulnerabilities in MS Exchange Server much earlier than March 2021, when they were publicly disclosed by Microsoft. Such a protracted reaction and catastrophic consequences may trigger severe legal ramifications for the tech giant and negatively impact its business in the long term.