Belgian defense ministry hit by cyberattack, threat actors exploited Log4Shell

Updated on: 20 December 2021

Jurgita Lapienytė
Chief Editor

On Monday, the Belgian defense ministry confirmed it had been hit by a cyberattack. It appears that malicious actors exploited a vulnerability in Log4j software (Log4Shell).

Local media reports that some of the ministry's activities were paralyzed for several days. The ministry uncovered the attack last Thursday.

Malicious hackers exploited a vulnerability in the widely used Apache software Log4j. The vulnerability, dubbed Log4Shell, was discovered at the beginning of December. The Log4j library is embedded in almost every Internet service or application we are familiar with, including Twitter, Amazon, Microsoft, Minecraft, and more.

A spokesperson for Belgian Defense Minister Ludivine Dedonder said, "the ministry's teams have been working hard in past days to secure its networks," adding the government would continue to invest in cybersecurity, Politico reported. The ministry did not want to comment on the origin of this attack.

More than a week has passed since the vulnerability was first discovered, and it continues to cause havoc worldwide. The first patch, released by Apache, is already being exploited. Many ransomware gangs are eyeing the vulnerability, signaling grim weeks ahead.

The Microsoft Threat Intelligence Center (MSTIC) has observed Log4Shell being used by multiple tracked nation-state activity groups originating in China, Iran, North Korea, and Turkey.

For example, MSTIC has observed PHOSPHORUS, an Iranian threat actor that has been deploying ransomware, acquiring and making modifications of the Log4j exploit.

More from CyberNews:

The strangest devices Apple used to make

Online privacy trends for 2022: Cookie death, zero-copy integration, and AI-powered bossware