In February 2025, Belgian media and cyber investigators reported that Chinese state-backed hackers infiltrated the Belgian State Security Service (VSSE) by exploiting a vulnerability in software provided by US-based supplier Barracuda. The breach, which occurred between 2021 and 2023, is considered the most serious cyberattack on the Belgian intelligence service to date. Although classified data was stored separately and not accessed, the hackers obtained emails involving prosecutors, police, and political offices, as well as personal information about VSSE personnel. The attack was attributed to Chinese threat actor UNC4841, which used at least three strains of malware to gain access. The compromised server also served the Belgian Pipeline Organisation, raising further concerns about infrastructure security. Investigations found that none of the stolen data had surfaced publicly as of April 2025.