Security Experts:

Connect with us

Hi, what are you looking for?


Malware & Threats

CISA Says No Federal Agencies Compromised in Log4Shell Attacks to Date

US government agencies not hit by Log4Shell

US government agencies not hit by Log4Shell

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) says it’s currently not aware of any federal agencies suffering a breach as a result of Log4Shell attacks.

The agency told SecurityWeek that it does “not have any confirmed compromises of federal agencies” resulting from the recently disclosed Log4j vulnerability tracked as Log4Shell and CVE-2021-44228.

CISA last week issued emergency directive ED 22-02, which directs federal agencies to identify affected internet-exposed systems and address the flaw — either via patches, mitigations or removal of software — by December 23.

CVE-2021-44228 has been added to CISA’s catalog of known exploited vulnerabilities, which compels federal civilian agencies to take immediate action.

The binding operational directive BOD 22-01, which CISA issued in early November when it announced the catalog, instructs government agencies to quickly address actively exploited bugs.

Log4Shell has been exploited in attacks by profit-driven cybercriminals to deliver various types of malware, as well as by nation-state threat actors linked to China, Russia, Iran, North Korea and Turkey.

The Belgian military this week confirmed a breach resulting from Log4Shell exploitation, making it the first government organization to officially admit being hit by a Log4Shell attack.

Governments around the world have taken steps to mitigate the impact of Log4Shell. However, the Chinese government, which “encourages” researchers to inform it about the security holes they find, is reportedly unhappy with Alibaba, whose employees discovered the Log4j flaw.

The country’s Ministry of Industry and Information Technology (MIIT) said it will temporarily suspend its collaboration with Alibaba Cloud as a cyber threat intelligence partner due to the fact that the company did not inform the government first about the discovery of the vulnerability.

Related: Log4Shell Tools and Resources for Defenders – Continuously Updated

Related: Log4j Update Patches New Vulnerability That Allows DoS Attacks

Related: Google Finds 35,863 Java Packages Using Defective Log4j 

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.