Belnet Hackers Used 257,000 IP Addresses From 29 Countries

Brussels city center with office buildings called the WTC or World Trade Center Towers housing Belnet and many governmental organizations

Tuesday’s cyberattack that brought down multiple Belgian websites belonging to governmental and academic institutions made use of 257,000 IP addresses from 29 countries. This is evident from an analysis by cybersecurity firm Secutec. Secutec’s SEO warned that a well-organized team is behind the attack.

Well-Orchestrated DDoS Attack

On Tuesday, government services, educational institutions and tens of thousands of other organizations in Belgium were seriously hindered by a DDoS attack that took place at Belnet. Belnet is a Belgian computer network used by public services, universities and research institutions. The attack reached its crescendo around noon.

All parties were to a greater or lesser extent cut off from the Internet. This prevented them from properly doing their job. As a result, many things went haywire that day… The cyberattack caused problems for distance learning at universities and colleges. Citizens were unable to make appointments for corona vaccinations. And the Brussels transit company STIB had issues with ticket sales.

Furthermore, various applications at the Ministry of Finance did not work and several parliamentary committees had to be cancelled. What’s more, the attack took place just before a hearing in the Belgian Chamber on China’s treatment of the Uighurs. A survivor of the Uighur camps in China, Ms Qelbinur Sidiq, was about to give her first public testimony that afternoon.

Crisis Procedures Activated Immediately

When Belnet discovered the DDoS attack, they immediately activated their crisis procedures and enlisted the help of the Center for Cybersecurity Belgium (CCB). Further, Belnet filed a complaint with the Federal Computer Crime Unit, which is now handling the investigation. Cybersecurity firm Secutec managed to get the attack under control on Tuesday evening.

Although all affected organizations, universities and research institutions are back online, Belnet indicated that they would continue to monitor the situation closely. There is no evidence that the attackers have infiltrated any networks or that any data had been stolen.

“Nonetheless, we are fully aware of the impact this attack has had on the organizations connected to our network and their users and realize that this has profoundly disrupted their functioning,” said Dirk Haex, technical director at Belnet. “Belnet invests permanently in cybersecurity. However, yesterday’s DDoS attack was of such magnitude that our entire network had become saturated. The fact that the attackers constantly changed tactics made it even more difficult to neutralize the attack.”

257,000 IP Addresses from 29 Countries

Secutec’s CEO, Geert Baudewijns, told Belgium news agency, Belga, that the attackers did not single out Belnet. The networks of Telenet and Proximus were also targetted. But because their networks are much larger and more dispersed, they were better able to digest the attack than Belnet, explained Baudewijns. The main target, however, was the government. “The perpetrators mainly wanted to hit government websites.”

Some 200 organizations were affected by the DDoS attack. Unknown perpetrators used 257,000 IP addresses from 29 countries to carry out the attack. They took advantage of 17 botnet servers to fire off more than 100 terabytes of data. As a comparison: a “normal” DDoS attack would use approximately 150 gigabytes. So, this attack was a hundred times more severe.

The countries from which the sites were attacked include the US, Mozambique, Bahrain, South Africa, Russia and China. Investigators will have to contact the hacked companies in all 29 countries, to try to find out who was behind the attack. “This shows that this was no small hack”, emphasized Baudewijns. “There must be a well-organized team behind it.”

IT communication specialist
Sandra has many years of experience in the IT and tech sector as a communication specialist. She's also been co-director of a company specializing in IT, editorial services and communications project management. For VPNoverview.com she follows relevant cybercrime and online privacy developments. She rigorously tests the quality of VPN services using VPNOverview.com's dedicated VPN testing protocol that has been finetuned and optimized over the years.