21 December 2021

Hackers breached Belgian Defense Ministry’s network using Log4j flaw

Part of the Belgian Ministry of Defense’s computer network, including the mail system, has been down since Thursday following what government officials described as a “serious cyberattack” involving the recently disclosed Apache Log4j vulnerability (aka Log4Shell).

“Defence on Thursday discovered an attack on its computer network with internet access. Quarantine measures were quickly taken to isolate the affected areas. The priority is to keep the Defense network operational,” the Defense Ministry said in a statement.

The officials added that the security team worked throughout the weekend to keep problems under control, and to continue activities where possible, while monitoring the ongoing situation.

The cyberattack resulted from exploitation of CVE-2021-44228 (Log4Shell), a remote code execution flaw in Log4j, the Defense Ministry said. The officials did not say who was behind the attack.

Log4j is a widely used logging library present in hundreds of millions of devices. Since the flaw was made public, multiple reports from security firms have indicated that both state-backed and cybercriminal groups are leveraging the Log4Shell vulnerability in their attacks.

According to Microsoft, state-sponsored hacker groups from China, Iran, North Korea and Turkey have started using the flaw to gain access to corporate networks. Researchers at cybersecurity firm Advanced Intelligence have warned that the Conti ransomware gang has also incorporated the Log4Shell vulnerability into its operations. Since December 13, the group has been targeting vulnerable VMware vCenter servers using the publicly available exploit for CVE-2021-44228 in order to gain access to enterprise networks.
