We are hearing from sources that more attacks against Belgian networks are taking place, and we can suppose that the network of the Belgian Ministry of External Affairs is still seeing attacks.
Now this shouldn't surprise you. I don't understand why people are surprised when their network is attacked, especially if their network holds information that could be very interesting or worthwhile for other people or organisations. It is normal that your network is attacked by these people and organisations: they want that information by all means, and you have it on your network, so instead of sending spies to steal it they try to break into your network to get it. You should expect it, and you should protect your network as if you expect these kinds of attacks to happen.
And you should of course analyse them, learn from them, and implement the additional security policies and install the new security appliances you need to let your security evolve along with these continuing, evolving attacks.
In fact you should now change your mindset on many occasions. We are entering a new cold war period, whether you like it or not. If Russia is provoking us by sending nuclear bombers and ships near our borders to test our defences and placing 40.000 troops at the borders of Ukraine, why shouldn't it send espionage tools to get the information it wants? For what good reason wouldn't it do that when it is overwhelming us with propaganda and cutting all the military and diplomatic ties we have developed over the last 10 years?
About the virus, there are some interesting facts:
* it already hit Belgium twice last year, so it is not an unknown virus on Belgian territory
* it is a very old espionage tool that has evolved over the years
* it uses two exploits to install itself on a Windows system
* it installs a vulnerable virtual host driver, after which it gets administration rights, after which it can exploit the installed vulnerability to downgrade the security of Windows so it no longer asks for a signed driver (which would tell you where it is from) when a driver is installed in the kernel (where it is totally trusted)
* there is a list of websites to block
* there are a few Snort signatures (or the commercial Sourcefire ones)
You can find all that documentation in this report.
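Since the tool described above works by loading a driver into the kernel without Windows asking for a valid signature, one thing a defender can do on a suspect machine is list every running kernel driver, check its Authenticode signature, and look at whether the boot configuration has had signature enforcement weakened. The script below is an added example for this post, not something from the report or the original article; it relies only on built-in PowerShell and bcdedit, and it needs to run from an elevated prompt for the bcdedit part to work.

```powershell
# Added example (not from the original post): audit running kernel drivers for
# missing or invalid Authenticode signatures, and report whether driver signature
# enforcement has been weakened in the boot configuration.

# Every currently running kernel driver, with the path of its image on disk
$drivers = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.State -eq 'Running' -and $_.PathName }

$results = foreach ($d in $drivers) {
    # PathName can be quoted, or use the \??\ or \SystemRoot\ prefixes; normalise it
    $path = $d.PathName -replace '"', ''
    $path = $path -replace '^\\\?\?\\', ''
    $path = $path -replace '^\\SystemRoot', $env:SystemRoot
    if (-not (Test-Path -LiteralPath $path)) { continue }

    $sig = Get-AuthenticodeSignature -FilePath $path
    [pscustomobject]@{
        Name   = $d.Name
        Path   = $path
        Status = $sig.Status      # Valid, NotSigned, HashMismatch, NotTrusted, ...
        Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    }
}

# Any running driver whose signature is not Valid deserves a closer look:
# it is either unsigned, tampered with, or signed by a certificate you do not trust.
$suspect = $results | Where-Object { $_.Status -ne 'Valid' }
if ($suspect) {
    Write-Warning "Running drivers without a valid signature:"
    $suspect | Format-Table Name, Status, Signer, Path -AutoSize
} else {
    Write-Output "All running drivers carry a valid Authenticode signature."
}

# Boot configuration: either of these settings tells Windows not to insist on
# signed drivers at all (requires an elevated prompt).
$bcd = bcdedit /enum '{current}' 2>$null
if ($bcd -match 'testsigning\s+Yes')       { Write-Warning 'Test signing is enabled in the BCD' }
if ($bcd -match 'nointegritychecks\s+Yes') { Write-Warning 'Kernel integrity checks are disabled in the BCD' }
```

Two caveats when reading the output. A driver that was loaded while enforcement was switched off at runtime will still show up here with its real signature status, which is exactly why the first half of the script matters more than the bcdedit check; and a signed driver is only as trustworthy as its signer, so compare the `Signer` column against the vendors you actually expect on that machine rather than treating `Valid` as a clean bill of health.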