Belgian defence ministry admits attackers accessed its computer network by exploiting Log4j vulnerability

Perpetrators' ID unknown, however


The Belgian Ministry of Defence has suffered a cyber attack after miscreants exploited one of the vulnerabilities in Log4j. The attack marks the first occasion that a NATO country's defence ministry has fallen victim to the flaws.

The attack took place last week, as reported by Flemish-language TV news station VRT, which said "some of the ministry's activities were paralysed for several days."

Belgian MoD spokesman Olivier Severin said in a prepared statement seen by The Register: "Defence discovered an attack on its computer network with internet access on Thursday. Quarantine measures were quickly taken to isolate the affected parts. The priority is to keep the defence network operational."

He added: "This attack follows the exploitation of the Log4j vulnerability, which was made public last week and for which IT specialists around the world are jumping into the breach."

Log4j is a FOSS logging utility distributed by the Apache Foundation and bundled with Apache Server – making it extremely widely used. Its latest version, 2.17, is the third update in 10 days after the original discovery of an actively exploited remote code execution vulnerability a fortnight ago. Since then more vulns have emerged, requiring quick-fire updates from Log4j's maintainers.

Further details were reported by ZDNet.

While the infosec industry has been loudly warning of potential problems, a defence ministry getting pwned – albeit by an attacker who hasn't been publicly identified – is a stark reminder to the rest of us that this flaw needs patching ASAP.

Yesterday Belgium's Centre for Cyber Security, a government organisation, issued a press release saying: "Companies that use Apache Log4j software and have not yet taken action can expect major problems in the coming days and weeks."

Perhaps they were having a little fun at their uniformed colleagues' expense.

The US government's Cybersecurity and Infrastructure Security Agency (CISA) last week issued an emergency directive requiring federal agencies to take corrective action on the Apache Log4j vulnerability by 1700 EST on December 23, 2021. Readers working for the Feds, we feel your pain.

NATO, whose European HQ is in the Belgian capital, did not respond when The Register asked if its networks had been affected. ®
