Security Experts:

Connect with us

Hi, what are you looking for?


Malware & Threats

CISA Says No Federal Agencies Compromised in Log4Shell Attacks to Date

US government agencies not hit by Log4Shell

US government agencies not hit by Log4Shell

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) says it’s currently not aware of any federal agencies suffering a breach as a result of Log4Shell attacks.

The agency told SecurityWeek that it does “not have any confirmed compromises of federal agencies” resulting from the recently disclosed Log4j vulnerability tracked as Log4Shell and CVE-2021-44228.

CISA last week issued emergency directive ED 22-02, which directs federal agencies to identify affected internet-exposed systems and address the flaw — either via patches, mitigations or removal of software — by December 23.

CVE-2021-44228 has been added to CISA’s catalog of known exploited vulnerabilities, which compels federal civilian agencies to take immediate action.

The binding operational directive BOD 22-01, which CISA issued in early November when it announced the catalog, instructs government agencies to quickly address actively exploited bugs.

Log4Shell has been exploited in attacks by profit-driven cybercriminals to deliver various types of malware, as well as by nation-state threat actors linked to China, Russia, Iran, North Korea and Turkey.

The Belgian military this week confirmed a breach resulting from Log4Shell exploitation, making it the first government organization to officially admit being hit by a Log4Shell attack.

Governments around the world have taken steps to mitigate the impact of Log4Shell. However, the Chinese government, which “encourages” researchers to inform it about the security holes they find, is reportedly unhappy with Alibaba, whose employees discovered the Log4j flaw.

The country’s Ministry of Industry and Information Technology (MIIT) said it will temporarily suspend its collaboration with Alibaba Cloud as a cyber threat intelligence partner due to the fact that the company did not inform the government first about the discovery of the vulnerability.

Related: Log4Shell Tools and Resources for Defenders – Continuously Updated

Related: Log4j Update Patches New Vulnerability That Allows DoS Attacks

Related: Google Finds 35,863 Java Packages Using Defective Log4j 

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.