LOG4J: Belgian Ministry of Defense victim of a cyberattack

Part of its activities has been paralyzed since December 16 by hackers who exploited “Log4Shell”, one of the most significant security flaws in recent years.

IT security experts were right to fear the Log4Shell security flaw, made public on December 10. Six days later, hackers took advantage of this vulnerability to paralyze part of the IT networks of the Belgian Ministry of Defense, an army spokesman, Commander Olivier Séverin, told Agence France-Presse (AFP) on Tuesday, December 21, confirming information from the Belga news agency.

“Quarantine measures” were quickly decided on to “circumscribe infected elements (…). Analyses and restorations are still ongoing,” he said, without giving more information about who was behind the cyberattack.

The Log4Shell flaw affects a Java library called Log4j, a small module from the Apache Foundation that is reused in many software products for “logging” functions, that is to say, recording “logs” (events that occurred on the system). In some Log4j versions, the flaw makes it easy to take control of the machine that hosts it. The hacker can then try to move through the victim’s computer network and deploy ransomware and espionage tools.

An insufficiently applied patch

Flaws are commonplace in the world of professional computing, but Log4Shell causes particular concern because it seems easy to exploit and affects a large number of servers, the computers that provide our online services. This flaw can be corrected: a patch has been available since the very day it was announced. But applying it to all potentially affected computers takes time. Some IT managers are slow to react; others are not aware that their servers are affected. The hackers, for their part, take advantage of this time to scan the computer networks of companies and institutions, looking for vulnerable servers that they could take control of.

To date, no global institution or company has been the target of hackers exploiting this flaw, according to American cybersecurity experts. Until now, experts had mostly observed hackers exploiting this flaw to install cryptocurrency-mining programs, or cryptominers, on poorly protected servers.

Nevertheless, new public announcements are not ruled out in the coming weeks. The US cybersecurity firm told AFP that this is, in its view, “the greatest and most critical of the vulnerabilities of the last decade”. During a press conference, Guillaume Poupard, the Director General of the National Information System Security Agency (ANSSI), noted that this flaw promised “a slightly painful holiday season for many experts”.