We can now rest easy. A recent article from SecurityWeek quoted officials from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) that said, “The agency told SecurityWeek that it does “not have any confirmed compromises of federal agencies” resulting from the recently disclosed Log4j vulnerability tracked as Log4Shell and CVE-2021-44228.”
I can see how they arrived at this conclusion:
The agency head asks their secretary, “Have any of our systems been compromised by log4j?”.
Secretary, “How the hell would I know?”.
Agency’s official report – No confirmed compromises at Agency Blissful Ignorance!