Belgian military in battle against cyber attack believed to have targeted Log4j flaw

The attackers are believed to have targeted a vulnerability in Log4j. ST PHOTO: KELVIN CHNG

BRUSSELS (AFP) - The Belgian military said on Tuesday (Dec 21) it had been hit with a cyber attack five days prior and was still battling to restore affected parts of its system.

Military spokesman Olivier Severin told AFP that elements hit by last Thursday's attack, which contaminated services connected to the Internet, were still being analysed and restored.

Commander Severin did not name any group suspected of the attack and gave no further details of the systems involved.

The attackers are believed to have targeted a vulnerability in Log4j, a logging library that keeps track of events on a system.

The flaw, which was publicised earlier this month, was labelled "the single biggest, most critical vulnerability of the last decade" by US cyber-security firm Tenable.

It can allow attackers to take control of a machine, move around the victim's network and deploy ransomware and spyware.

The Belgian military imposed "quarantine measures" to "contain the infected elements", Commander Severin told the Belga press agency on Monday.

Log4j is a common piece of code and the vulnerability has led to widespread concern, but no other attacks on major companies or institutions have yet been reported.

Join ST's Telegram channel here and get the latest breaking news delivered to you.