Security

Belgian defence ministry admits attackers accessed its computer network by exploiting Log4j vulnerability

Perpetrators' ID unknown, however


The Belgian Ministry of Defence has suffered a cyber attack after miscreants exploited one of the vulnerabilities in Log4j. The attack marks the first occasion that a NATO country's defence ministry has fallen victim to the flaws.

The attack took place last week, as reported by Flemish-language TV news station VRT, which said "some of the ministry's activities were paralysed for several days."

Belgian MoD spokesman Olivier Severin said in a prepared statement seen by The Register: "Defence discovered an attack on its computer network with internet access on Thursday. Quarantine measures were quickly taken to isolate the affected parts. The priority is to keep the defence network operational."

He added: "This attack follows the exploitation of the Log4j vulnerability, which was made public last week and for which IT specialists around the world are jumping into the breach."

Log4j is a FOSS logging utility distributed by the Apache Foundation and bundled with Apache Server – making it extremely widely used. Its latest version, 2.17, is the third update in 10 days after the original discovery of an actively exploited remote code execution vulnerability a fortnight ago. Since then more vulns have emerged, requiring quick-fire updates from Log4j's maintainers.

Further details were reported by ZDNet.

While the infosec industry has been loudly warning of potential problems, a defence ministry getting pwned – albeit by an attacker who hasn't been publicly identified – is a stark reminder to the rest of us that this flaw needs patching ASAP.

Yesterday Belgium's Centre for Cyber Security, a government organisation, issued a press release saying: "Companies that use Apache Log4j software and have not yet taken action can expect major problems in the coming days and weeks."

Perhaps they were having a little fun at their uniformed colleagues' expense.

The US government's Cybersecurity and Infrastructure Security Agency (CISA) last week issued an emergency directive requiring federal agencies to take corrective action on Apache Log4j vulnerability by 1700 EST on December 23, 2021. Readers working for the Feds, we feel your pain.

NATO, whose European HQ is in the Belgian capital, did not respond when The Register asked if its networks had been affected. ®

Send us news
60 Comments

Google reportedly in talks to buy infosec outfit Wiz for $23 billion

The security industry has never had a clear leader – could it be the Chocolate Factory?

Critical Windows licensing bugs – plus two others under attack – top Patch Tuesday

Citrix, SAP also deserve your attention – because miscreants are already thinking about Exploit Wednesday

ZDI shames Microsoft for – yet another – coordinated vulnerability disclosure snafu

'It seems like they really don't have a full grasp of what's going on with this patch'

Big Tech's eventual response to my LLM-crasher bug report was dire

Fixes have been made, it appears, but disclosure or discussion is invisible

Latest Ghostscript vulnerability haunts experts as the next big breach enabler

There's also chatter about whether medium severity scare is actually code red nightmare

No rest for the wiry as Cisco Nexus switches flip out over latest zero-day

Command injection bug being abused by suspected Chinese spies – patch up

DarkGate, the Swiss Army knife of malware, sees boom after rival Qbot crushed

Meet the new boss, same as the old boss

RADIUS networking protocol blasted into submission through MD5-based flaw

If someone can do a little MITM'ing and hash cracking, they can log in with no valid password needed

Three words to send a chill down your spine: Snowflake. Intrusion. Alert

And can AI save us from the scourge of malware? In theory, why not, but in practice ... Color us skeptical

China's APT41 crew adds a stealthy malware loader and fresh backdoor to its toolbox

Meet DodgeBox, son of StealthVector

You had a year to patch this Veeam flaw – and now it's going to hurt some more

LockBit variant targets backup software - which you may remember is supposed to help you recover from ransomware

China's APT40 gang is ready to attack vulns within hours or days of public release

Lax patching and vulnerable small biz kit make life easy for Beijing's secret-stealers