Threat Watch

Antwerp City Services Down After Digital Partner is Breached

An unattributed threat actor has breached the servers of Digipolis, the city’s digital partner that provides administrative software. This access was then used to disrupt numerous digital services used in Antwerp, Belgium. The disrupted services are used by its citizens, schools, daycare centers, and police force.

Nearly all Windows services were affected. The city’s email service, phone services, and the reservation system were also impacted. Further, medical services provided by the Antwerp Health Company were also disrupted.

While the breach of Digipolis impacted these services, it does not appear that any information was stolen from the city of Antwerp itself. However, remediation is still occurring and will likely last until the end of December. This follows a breach from the previous week where Ragnar Locker operators leaked data stolen from a local police unit in an Antwerp province.

ANALYST NOTES

While there is currently not a lot of information available into how the breach of Digipolis occurred, the effects of the breach on the City of Antwerp are apparent. This attack is a recent example of a supply-chain attack, where a threat actor infiltrates one organization through a breach of another. Overall, the recommended strategy to protect against attacks such as these is to have a defense in depth strategy when it comes to security. Additionally, it is recommended to properly vet the security standards of any third-party software that the organization uses and to keep software up to date. In the end, some of these attacks may still go undetected. Due to this, it is recommended to implement the principle of least privilege regarding any third-party applications and accounts, limiting what they can do and what data they can access.

https://www.bleepingcomputer.com/news/security/antwerps-city-services-down-after-hackers-attack-digital-partner/