Part of the Belgian Ministry of Defense’s computer network, including the mail system, has been down since Thursday following what government officials described as a “serious cyberattack” involving the recently disclosed Apache Log4j vulnerability (aka Log4Shell).
“Defence on Thursday discovered an attack on its computer network with internet access. Quarantine measures were quickly taken to isolate the affected areas. The priority is to keep the Defense network operational,” the Defense Ministry said in a statement.
The officials added that the security team worked throughout the weekend to keep problems under control, and to continue activities where possible, while monitoring the ongoing situation.
The cyberattack resulted from exploitation of CVE-2021-44228, the remote code execution flaw in Log4j known as Log4Shell, the Defense Ministry said. Officials did not say who was behind the attack.
Log4j is widely used logging software present in hundreds of millions of devices. Since the flaw was made public, multiple reports from security firms have indicated that state-backed and cybercriminal groups are leveraging the Log4Shell vulnerability in their attacks.
According to Microsoft, state-sponsored hacker groups from China, Iran, North Korea and Turkey have started using the flaw to gain access to corporate networks. Researchers at cybersecurity firm Advanced Intelligence have warned that the Conti ransomware gang has also incorporated the Log4Shell vulnerability into its operations. Since December 13, the group has been targeting vulnerable VMware vCenter servers using the publicly available exploit for CVE-2021-44228 in order to gain access to enterprise networks.