The Belgian Ministry of Defense has confirmed a cyberattack on its networks involving the Log4j vulnerability.
Belgian Defense Ministry confirms cyberattack through Log4j exploitation https://t.co/I9naHp812i
— ZDNet (@ZDNet) December 21, 2021
Olivier Séverin, the spokesperson for the Belgian Ministry of Defense, told the media on Monday that the Ministry discovered an attack on an internet-connected computer network on Thursday and immediately took quarantine measures to isolate the affected parts of the network.
He did not confirm whether it was a ransomware attack or who the suspected perpetrator was, but confirmed that the attack resulted from exploitation of the recent Log4j vulnerability. He also said that the Ministry's teams were mobilized throughout the weekend to keep the situation under control.
In a Facebook post on Monday, the Ministry stated that it could not process requests via mil.be or answer people's queries via Facebook due to technical issues.
According to the Ministry:
The priority is to keep the network operational. We will continue to monitor the situation. We are working on a resolution and we thank you for your understanding.
Cybersecurity specialists worldwide are racing to patch the Log4j bugs on their systems before threat actors can exploit them.
Right after the first Log4j bug (Log4Shell) was reported earlier this month, numerous threat groups linked to Iran, North Korea, China, and Turkey started using this vulnerability to their advantage.
According to reports from tech giants such as Google and Microsoft, several hacking groups backed by governments were leveraging the Log4j vulnerability in attacks.
The Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency order last week requiring all federal agencies to patch their machines against the Log4j vulnerability immediately.
Centre for Cybersecurity Belgium spokesperson Katrien Eggers said they had also sent out an alert to Belgian companies about the Apache Log4j software issue, warning that any institution that had not already taken action should “expect major problems in the coming days and weeks.”
Bitdefender said it had observed numerous attempts by attackers to deploy a ransomware payload on vulnerable systems by exploiting the Log4Shell bug.
Check Point researchers also observed the Iranian hacking group APT 35 attempting to use the bug against seven targets in the Israeli business and government sector. In November, the Iranian hackers also targeted Cyberverse, an Israeli company, and leaked data online.
On 13 December, cybersecurity response teams from the 27 EU countries met to discuss the Log4Shell bug and raise their monitoring to alert mode.