According to Belgian VRT news report, earlier this week, the Belgian Ministry of Defense admitted that they had suffered a serious cyber attack based on the Apache Log4j-related vulnerability we reported previously. The strong cyber attack paralyzed some activities of the Belgian Ministry of Defense, such as the mail system which was down for several days.
Olivier Séverin, a relevant Belgian spokesman, said, “The Ministry of Defense discovered on Thursday that its computer network with Internet access was under attack. We then quickly took quarantine measures to isolate some of the affected devices, the immediate priority is to keep the defense network operational.” He then added “Throughout the weekend, our team was mobilized to contain the impact of this attack. We will continue to monitor the attack activity and warn our partners,”
The severity of the Log4j-related vulnerability speaks for itself as it affects national information security levels. In addition to Belgium, according to Check Point Software Technologies, an Israeli cybersecurity solutions provider, a group of hackers linked to the Iranian regime, known as Charming Kitten or APT 35, used a vulnerability in Log4j to launch attacks on seven targeted websites or groups of sites in Israel, including government sites .
In addition, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered that all Federal civilian agencies “must patch their Log4j-related systems by Christmas”. The Singapore Cybersecurity Agency (CSA) also held an emergency meeting with the Critical Information Infrastructure (CII) department to address the Log4j vulnerability and issued a warning notice of the vulnerability to closely monitor the development of the vulnerability.
At the same time, China’s Ministry of Industry and Information Technology is also paying close attention to the development status of the vulnerability and has issued a “Cybersecurity Risk Alert on the significant security vulnerability of Apache Log4j2 component” notice – all of which means that the Log4shell vulnerability is a global network security problem.