Security News > 2021 > December > Belgian defence ministry admits attackers accessed its computer network by exploiting Log4j vulnerability
The Belgian Ministry of Defence has suffered a cyber attack after miscreants exploited one of the vulnerabilities in Log4j.
The attack marks the first occasion that a NATO country's defence ministry has fallen victim to the flaws.
Belgian MoD spokesman Olivier Severin said in a prepared statement seen by The Register: "Defence discovered an attack on its computer network with internet access on Thursday. Quarantine measures were quickly taken to isolate the affected parts. The priority is to keep the defence network operational."
Log4j is a FOSS logging utility distributed by the Apache Foundation and bundled with Apache Server - making it extremely widely used.
While the infosec industry has been loudly warning of potential problems, a defence ministry getting pwned - albeit by an attacker who hasn't been publicly identified - is a stark reminder to the rest of us that this flaw needs patching ASAP. Yesterday Belgium's Centre for Cyber Security, a government organisation, issued a press release saying: "Companies that use Apache Log4j software and have not yet taken action can expect major problems in the coming days and weeks."
The US government's Cybersecurity and Infrastructure Security Agency last week issued an emergency directive requiring federal agencies to take corrective action on Apache Log4j vulnerability by 1700 EST on December 23, 2021.