The government of Belgium has claimed it detected three Chinese Advanced Persistent Threat actors attacking its public service and defence forces.

A government statement names Advanced Persistent Threat 27, 30, and 31 – aka UNSC 2814, GALLIUM, and SOFTCELL – as the groups responsible for the attacks.

The statement doesn’t detail the nature of the attacks other than to describe them as “malicious cyber activities that significantly affected our sovereignty, democracy, security and society at large by targeting the FPS Interior and the Belgian Defence.”

The actors named by Belgium have form.

In January 2021 German authorities claimed that APT27 had been spotted targeting local companies.

AP30 has been active for almost 20 years. In 2015 we covered research that found it had been probing government targets across Asia since 2004.

Gallium, which has conducted operations named Soft Cell, was spotted deploying a new remote access trojan (RAT) in June 2022.

Belgium’s Foreign Ministry wrote that the nation “strongly denounces these malicious cyber activities, which are undertaken in contradiction with the norms of responsible state behavior as endorsed by all UN member states.”

Which is true – the UN created cyber norms that were agreed in 2015. But China – and plenty of other nations – employs entities that aren’t directly connected to the state when conducing some online ops. Such entities fool nobody, but are nearly always denied and decried by their host nations.

Belgium’s statement calls on “Chinese authorities to adhere to these norms and not allow its territory to be used for malicious cyber activities, and take all appropriate measures and reasonably available and feasible steps to detect, investigate and address the situation.”

That won’t happen because, as explained earlier this month by the heads of MI5 and the FBI, China runs a “coordinated campaign on a grand scale” to get the trade secrets and intelligence it feels are needed to compete in business and geopolitics.

China always denies such actions and swears it only has peaceful intentions online and in the real world.

The Middle Kingdom even postures as a leader in efforts to ensure cyberspace remains safe and peaceful. Last week it hosted the 2022 “World Internet Conference” – an event that China inaugurated in 2014, has controlled ever since, has only ever run in the city of Wuzhen, and attracts very few representatives of actual global internet bodies.

Chinese president Xi Jinping sent a letter to the conference’s organizers in which he “called on the international community to jointly foster a fairer and more equitable, open and inclusive, secure and stable cyberspace to deliver more benefits to people around the world.”

Which is just what Belgium wants, too. ®