The Belgian military said on Tuesday it had been hit with a cyberattack five days ago and was still battling to restore affected parts of its system.
Military spokesman Olivier Severin told AFP that elements hit by last Thursday’s attack, which contaminated services connected to the internet, were still being analysed and restored.
Severin did not name any group suspected of the attack and gave no further details of the systems involved.
The attackers are believed to have targeted a vulnerability in Log4j, a logging library that keeps track of events on a system.
The flaw, which was publicised earlier this month, was labelled “the single biggest, most critical vulnerability of the last decade” by US cybersecurity firm Tenable.
It can allow attackers to take control of a machine, move around the victim’s network and deploy ransomware and spyware.
The Belgian military imposed “quarantine measures” to “contain the infected elements”, Severin told the Belga press agency on Monday.
Log4j is a common piece of code and the vulnerability has led to widespread concern, but no other attacks on major companies or institutions have yet been reported.
Related: Log4Shell Tools and Resources for Defenders – Continuously Updated
Related: Log4j Update Patches New Vulnerability That Allows DoS Attacks
Related: Microsoft Spots Multiple Nation-State APTs Exploiting Log4j Flaw