Intruders leverage Log4j flaw to breach Belgian Defense Department

The Belgian government has not named the attacker.
A Belgian national flag flies on top of the snow-covered roof of the Royal Palace in Brussels on February 8, 2021. (Photo by JOHN THYS/AFP via Getty Images)

Parts of the Belgian Defense Ministry’s computer networks have been down since Thursday after a cyber incident in which attackers exploited the Apache Log4j vulnerability, government officials said.

“All weekend our teams have been mobilized to control the problem, continue our activities and warn our partners,” spokesperson Olivier Séverin told news publication VRT. “The priority is to keep the network operational. We will continue to monitor the situation.”

Log4j is widely used logging software present in hundreds of millions of devices. Hackers associated with the governments of China, Iran, North Korea and Turkey have all raced to take advantage of the exploit, according to Microsoft and Mandiant researchers. Ransomware groups have also sought to exploit the vulnerability.

The Belgian Defense Ministry is the first reported high-profile government victim of the vulnerability, but it is unlikely to be the last given the ubiquity of Log4j in a host of enterprise software popular in the public and private sectors.


Affected parts of the Belgian network were segmented after the attack was discovered, Séverin says. Systems including email appear to still be down as of Monday morning.

The Belgian government has not attributed the attack to any group or nation-state.

Cybersecurity experts and governments, including the United States, first issued warnings about the Log4j vulnerability more than two weeks ago. The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency issued on Friday a directive giving all federal civilian agencies until Dec. 23 to patch any systems at risk.

CISA director Jen Easterly has called the vulnerability “one of the most serious I’ve seen in my entire career, if not the most serious.”

Written by Tonya Riley

Tonya Riley covers privacy, surveillance and cryptocurrency for CyberScoop News. She previously wrote the Cybersecurity 202 newsletter for The Washington Post and before that worked as a fellow at Mother Jones magazine. Her work has appeared in Wired, CNBC, Esquire and other outlets. She received a BA in history from Brown University. You can reach Tonya with sensitive tips on Signal at 202-643-0931. PR pitches to Signal will be ignored and should be sent via email.
