Belgian defence ministry suffers cyber attack through Log4j exploitation

Belgian defence ministry suffers cyber attack through Log4j exploitation

Image:
Belgian defence ministry suffers cyber attack through Log4j exploitation

Multiple threat groups are currently leveraging Log4j bugs in their operations

The Belgian Ministry of Defence has confirmed a cyber attack on its computer network that exploited the Log4j vulnerability.

Olivier Séverin, a spokesperson for the ministry told Belgian broadcaster VRT on Monday that the Ministry discovered an attack on a computer network with internet access on Thursday and immediately took quarantine measures to isolate the impacted network areas.

The spokesperson did not say if it was a ransomware attack or who the suspected perpetrator might be, but confirmed that the attack took place due to the exploitation of the log4j vulnerability.

Séverin said that the ministry's teams were mobilised throughout the weekend to keep problems under control, to continue activities, and to warn partners.

"The priority is to keep the network operational. We will continue to monitor the situation."

In a Facebook post on Monday, the Ministry stated it was unable to process requests via mil.be or answer people's queries via Facebook due to technical issues.

"We are working on a resolution and we thank you for your understanding," the post added.

Cybersecurity experts worldwide are currently scrambling to patch the Log4j bugs on their systems before they can exploited by threat actors.

Immediately after the disclosure of the first Log4j bug (called Log4Shell) earlier this month, multiple threat groups, including some linked to Iran, China, North Korea and Turkey, started exploiting the flaw in their operations.

Cyber security vendor Bitdefender said it had observed multiple attempts by attackers to deploy a ransomware payload on vulnerable systems by making use of the Log4Shell bug.

Microsoft also confirmed Bitdefender's findings, stating that it had observed threat actors attempting to deliver Khonsari ransomware on self-hosted Minecraft server by exploiting Log4Shell.

Researchers at security firm Check Point said they had observed Iranian hacking group APT 35 trying to exploit the bug to target seven entities in the Israeli government and business sector.

Cyber security firm Akamai Technologies stated last week that it had tracked more than 10 million attempts to exploit the Log4j vulnerability per hour in the US. Akamai said attackers are using the flaw to target the financial services, technology, manufacturing and various other industries in multiple countries.

On 13 December, cyber security response teams from the 27 EU countries met virtually to discuss the Log4Shell bug and escalated their monitoring efforts to alert mode.

The US government has also taken preventive measures, with the Cybersecurity and Infrastructure Security Agency (CISA) issuing an emergency directive last week ordering all federal agencies to immediately patch their machines against the Log4j vulnerability.

Log4jShell, tracked as CVE-2021-44228, exists in the Apache Log4j Java logging library and is said to be highly dangerous, widespread and easy to exploit bug.

Following its discovery, security researchers have uncovered two more bugs in the Log4j tool.

Last week, the Apache Software Foundation (ASF) rolled out another update - version 2.17.0 - of Log4j to address CVE-2021-45105, an infinite recursion flaw that affects all versions of the tool from 2.0-alpha1 to 2.16.0.

The ASF is advising admins to upgrade their Log4j tool to version 2.17.0 or take other defensive measures as described by the Foundation.