Intruders leverage Log4j flaw to breach Belgian Defense Department
Parts of the Belgian Defense Ministry’s computer networks have been down since Thursday after a cyber incident in which attackers exploited the Apache Log4j vulnerability, government officials said.
“All weekend our teams have been mobilized to control the problem, continue our activities and warn our partners,” spokesperson Olivier Séverin told news publication VRT. “The priority is to keep the network operational. We will continue to monitor the situation.”
Log4j is widely used logging software present in hundreds of millions of devices. Hackers associated with the governments of China, Iran, North Korea and Turkey have all raced to take advantage of the exploit, according to Microsoft and Mandiant researchers. Ransomware groups have also sought to exploit the vulnerability.
The Belgian Defense Ministry is the first reported high-profile government victim of the vulnerability, but it is unlikely to be the last given the ubiquity of Log4j in a host of enterprise software popular in the public and private sectors.
Affected parts of the Belgian network were segmented after the attack was discovered, Séverin says. Systems including email appear to still be down as of Monday morning.
The Belgian government has not attributed the attack to any group or nation-state.
Cybersecurity experts and governments, including the United States, first issued warnings about the Log4j vulnerability more than two weeks ago. The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency issued a directive on Friday giving all federal civilian agencies until Dec. 23 to patch any systems at risk.
CISA director Jen Easterly has called the vulnerability “one of the most serious I’ve seen in my entire career, if not the most serious.”