CISA director: 'We have not seen significant intrusions' from Log4J yet

Officials with the US Cybersecurity and Infrastructure Security Agency (CISA) said on Monday that they have not seen the exploitation of Log4Shell result in significant intrusions since the vulnerability came to light in December.

CISA director Jen Easterly and executive assistant director for cybersecurity Eric Goldstein fielded questions from reporters during a briefing on Monday, telling attendees that outside of an attack on the Belgian Defense Ministry, they have not seen any damaging incidents that resulted directly from the exploitation of the Log4j vulnerability. 

more Log4j

“At this time, we have not seen the use of Log4Shell resulting in significant intrusions. This may be the case because sophisticated adversaries have already used this vulnerability to exploit targets and are just waiting to leverage their new access until network defenders are on a lower alert. Everybody remembers the Equifax breach that was revealed in September of 2017 was a result of an open-source software vulnerability discovered in March of that year,” Easterly said. 

“It may also be due in part to the urgent actions taken by defenders and many organizations to rapidly mitigate the most easily exploitable devices, such as those accessible directly from the internet,” Easterly added. “We

Read More: