Belgian defence ministry admits attackers accessed its computer network by exploiting Log4j vulnerability
Perpetrators' ID unknown, however
The Belgian Ministry of Defence has suffered a cyber attack after miscreants exploited one of the vulnerabilities in Log4j. The attack marks the first occasion that a NATO country's defence ministry has fallen victim to the flaws.
The attack took place last week, as reported by Flemish-language TV news station VRT, which said "some of the ministry's activities were paralysed for several days."
Belgian MoD spokesman Olivier Severin said in a prepared statement seen by The Register: "Defence discovered an attack on its computer network with internet access on Thursday. Quarantine measures were quickly taken to isolate the affected parts. The priority is to keep the defence network operational."
He added: "This attack follows the exploitation of the Log4j vulnerability, which was made public last week and for which IT specialists around the world are jumping into the breach."
Log4j is a FOSS logging utility distributed by the Apache Foundation and bundled with Apache Server – making it extremely widely used. Its latest version, 2.17, is the third update in 10 days after the original discovery of an actively exploited remote code execution vulnerability a fortnight ago. Since then more vulns have emerged, requiring quick-fire updates from Log4j's maintainers.
Further details were reported by ZDNet.
While the infosec industry has been loudly warning of potential problems, a defence ministry getting pwned – albeit by an attacker who hasn't been publicly identified – is a stark reminder to the rest of us that this flaw needs patching ASAP.
Yesterday Belgium's Centre for Cyber Security, a government organisation, issued a press release saying: "Companies that use Apache Log4j software and have not yet taken action can expect major problems in the coming days and weeks."
Perhaps they were having a little fun at their uniformed colleagues' expense.
The US government's Cybersecurity and Infrastructure Security Agency (CISA) last week issued an emergency directive requiring federal agencies to take corrective action on the Apache Log4j vulnerability by 1700 EST on December 23, 2021. Readers working for the Feds, we feel your pain.
NATO, whose European HQ is in the Belgian capital, did not respond when The Register asked if its networks had been affected. ®