#CyberWeekly
Russian hackers spoof Brussels VUB event to steal Microsoft 365 credentials
Russian state-linked threat group UTA0355 impersonated staff from the Centre for Security, Diplomacy, and Strategy at Vrije Universiteit Brussel, sending fake invitations to the "Brussels Indo-Pacific Dialogue." Victims who clicked the registration link were led through a Microsoft 365 Device Code phishing workflow, handing attackers full access to their email and cloud accounts.
What makes this attack particularly dangerous:
- It bypasses MFA — the Device Code and OAuth phishing techniques don't trigger your usual second-factor prompts, because you're authenticating on a real Microsoft page
- It uses rapport-building — attackers first engaged targets in benign conversations via email and WhatsApp before sending the malicious link
- Victims expanded the target list — when someone declined the invitation, attackers asked for colleague recommendations. Multiple targets forwarded the invitation to others within their organization
- The fake websites looked professional — dedicated domains with polished registration pages that mimicked real-world SSO flows
This isn't just a government problem. Any Belgian organization receiving event invitations — even from seemingly legitimate Brussels institutions — should verify through separate channels. If you use Microsoft 365, review your phishing awareness training and ensure employees know that "register for this event" links can be weaponized.
Platform Spotlight: Import your asset inventory with AI-powered CSV mapping
You can now import CSV files directly into Easy Cyber Protection — and the AI figures out which columns map to which fields. Upload your device list, user inventory, or any spreadsheet, and our built-in AI (running entirely in your browser) automatically maps columns like "Hostname" to "Device Name" and "OS Version" to the right entity fields.
What's new this week:
- Smart CSV import — drop a CSV file into the wiki, and the AI generates a field mapping in seconds. Review it, tweak if needed, then bulk-import all your entities in one click
- Browser-based AI — the mapping runs locally using WebLLM. Your data never leaves your browser. No cloud AI, no data sharing, no privacy concerns
- Event sourcing architecture — we rebuilt our data layer with a Command → Event → Reactor pattern, so every change is tracked, auditable, and reversible
- Unified storage — a new storage abstraction lets you work with local files or server-synced data seamlessly, with cryptographic signing for integrity
If you've been maintaining your asset inventory in Excel, this is your migration path. Import once, then manage everything — devices, users, suppliers — from a single compliance-ready platform.
EU SECURE project offers up to €30,000 for SME cybersecurity
The EU-funded SECURE project — with Belgium's CCB as a consortium partner — opened its first call for proposals on January 28, offering European SMEs grants of up to €30,000 to prepare for the Cyber Resilience Act. The first open call makes €5 million available in total funding.
The key details:
- Who can apply: European SMEs that manufacture, import, distribute, or develop products with digital elements within the scope of the CRA
- How much: Up to €30,000 per project (50% co-financing)
- Deadline: March 29, 2026
- How to apply: Through the SECURE platform — simplified, SME-friendly process
This is real money on the table for Belgian SMEs. The CCB is directly involved, and the application process is designed to be straightforward. If you develop or sell any product with a digital component — from smart manufacturing equipment to IoT devices — this funding can help offset your compliance costs.
Fortinet FortiCloud SSO zero-day exposes 3.2 million devices
Fortinet confirmed active exploitation of CVE-2026-24858 (CVSS 9.4), an authentication bypass in FortiCloud SSO that allowed any FortiCloud account holder to log into other users' Fortinet devices. Attackers created rogue admin accounts, modified VPN configurations, and downloaded device configurations. Fortinet temporarily disabled all FortiCloud SSO globally on January 26 to stop the bleeding.
If you use Fortinet products, act now:
- Check for unknown admin accounts — attackers created accounts named "audit", "itadmin", "svcadmin", "backup", and "support" for persistence
- Review VPN configurations — unauthorized VPN tunnels may have been created to maintain access
- Download and review device configs — attackers exfiltrated full device configurations, potentially exposing network topology and credentials
- Apply the latest firmware — even if you patched previous FortiCloud SSO vulnerabilities (CVE-2025-59718/59719), you're still vulnerable to this one
Fortinet is one of the most widely deployed firewall solutions among Belgian SMEs. This vulnerability didn't require any special skills — just a FortiCloud account. If your IT partner manages your Fortinet devices, contact them today to confirm they've checked for indicators of compromise. Patch management isn't optional.
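The admin-account check from the list above can be run offline against a downloaded configuration backup. This is an added example, not Fortinet's or the newsletter's own tooling. It assumes a plain-text (unencrypted) FortiOS backup; the function names, the `approved` allowlist and the sample config are constructed for illustration.

```python
import re

# Account names the newsletter reports attackers created for persistence.
REPORTED_ROGUE_ADMINS = {"audit", "itadmin", "svcadmin", "backup", "support"}

# Constructed sample in FortiOS config-backup syntax (not from a real device).
SAMPLE_CONFIG = '''\
config system global
    set hostname "fw-example"
end
config system admin
    edit "admin"
        set accprofile "super_admin"
        config gui-dashboard
            edit 1
                set name "Status"
            next
        end
    next
    edit "svcadmin"
        set accprofile "super_admin"
    next
    edit "jdoe"
        set accprofile "prof_admin"
    next
end
'''

def section_entries(config_text, section):
    """Return names of first-level `edit` entries in top-level `config <section>`."""
    names, depth, inside = [], 0, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            inside = inside or (depth == 0 and line == f"config {section}")
            depth += 1
        elif line == "end":
            depth -= 1
            inside = inside and depth > 0
        elif inside and depth == 1 and (m := re.match(r'edit\s+"?([^"]+?)"?$', line)):
            names.append(m.group(1))
    return names

def audit_admins(config_text, approved):
    """Return (admins with a reported rogue name, other admins not in `approved`)."""
    admins = section_entries(config_text, "system admin")
    reported = [a for a in admins if a.lower() in REPORTED_ROGUE_ADMINS]
    unknown = [a for a in admins if a not in approved and a not in reported]
    return reported, unknown
```

Calling `section_entries` with `"vpn ipsec phase1-interface"` lists the configured IPsec tunnels in the same way, for comparison against the tunnels you expect to exist.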
BASF, Dassault Systèmes, and Honeywell breached by same threat actor
On February 3, threat actor "0APT" claimed breaches of three major industrial companies in a single day: BASF (2TB of data), Dassault Systèmes, and Honeywell. The coordinated timing suggests either a supply chain compromise affecting a shared vendor, or a highly organized campaign specifically targeting the industrial manufacturing sector.
Why Belgian SMEs should care:
- Supply chain exposure — BASF, Dassault, and Honeywell have extensive European supply chains. If you're a supplier, subcontractor, or customer, your data may be in the 2TB+ exfiltrated from these companies
- NIS2 supply chain requirements — under NIS2, essential entities must assess and manage cybersecurity risks in their supply chains. These breaches demonstrate exactly why
- Single-day, multi-target attacks — the coordinated nature of this breach signals a shift toward industrialized, parallel targeting of entire supply ecosystems
This is a wake-up call for any SME in the manufacturing or industrial services sector. Your supplier security posture isn't just about your own systems — it's about every organization you share data with. Review your data-sharing agreements and ask your key partners what they're doing to protect your information.