Belgium Defense Ministry has released a press update that some state funded hackers deployed ransomware of its servers through Log4J Apache software vulnerability. Information is out that the attack took place on December 16th,2021 paralyzing the network and was conducted by exploiting the Java based Apache Library logging software.
An update released by the office of defense from Brussels says that the cyber incident could cause disruption of military services for the next few days and recover from the ransomware incident was underway and is expected to be done by early next year.
Second is the alert issued by the Cybersecurity and Infrastructure Security Agency (CISA) against Log4J vulnerability.
The federal agency stated it has released a tool that can help businesses find unpatched Log4J instances that could affect 3rd party software such as iCloud to Minecraft.
Third, it’s the news related to Chinese company Alibaba that is trending for the news related to Log4Shell flaw that was first reported to the world by CrowdStrike. Sources report that the government of China has shunted Alibaba for not revealing the log4j vulnerability quickly to the government.
As a result, the tech giant could be pulled down from the Ministry of Industry and Information Technology (MIIT’s) Threat Information Sharing platform for 6-9 months.
Interestingly, Chen Zhaojun, a cloud security researcher at Alibaba, was credited by Apache for finding the Log4j Shell zero day vulnerability. But the government, led by Xi Jinping, learnt about the software susceptibility on December 10th,2021…..strange!
Fourth is the news related to Five Eyes Intelligence Alliance that issued a warning against the exploitation of the newly detected Apache vulnerability.
As most of the sophisticated cyber threat actors are scanning networks for Log4j Shell issue, they could infiltrate most of the corporate networks in the next couple of weeks.
Jen Easterly, the CISA Director warned that adversary nations like China and Iran have started attack campaigns of using the log4j2 (an upgrade to log4j) vulnerability to induce malware such as ransomware.