Belgium's Defense Ministry told VRT yesterday that it sustained an attack via Log4Shell vulnerabilities. The Ministry said the incident began last Thursday, and that, while it's been working to contain the exploitation and keep networks running, some portions of its networks have been unavailable. The Ministry's Facebook page yesterday posted a note telling inquirers not to expect full service from its sites yet. "Because of technical problems, we are unable to process your requests via www.mil.be or answer your questions via Facebook. We are working on a solution and thank you for your understanding."
The Register quotes Belgium's Centre for Cyber Security (not a Ministry of Defense organization) as saying, "Companies that use Apache Log4j software and have not yet taken action can expect major problems in the coming days and weeks." NATO, whose headquarters are in Brussels, didn't respond to The Register's inquiry about whether the Atlantic Alliance's networks were affected.
L'Avenir's take is that the incident was both foreseeable and, probably, preventable. The publication notes that the attack occurred four days after CERT.be issued its own version of the warning most national cybersecurity authorities shared, urging a prompt upgrade to Log4j version 2.17.0 or later.
There's no attribution, so far, of responsibility for the incident. Both nation-state intelligence services and criminal organizations have exploited vulnerabilities in Log4j. Threatpost, for example, has an account of the attack chain the Conti ransomware gang is using to take advantage of Log4Shell.