December 15, 2021

FBI Statement on Log4j Vulnerability

Updated December 22, 2021: The FBI, CISA, NSA, and international partners have released a joint cybersecurity advisory (CSA) to provide mitigation guidance on addressing vulnerabilities in Apache’s Log4j software library.

If you feel your systems have been compromised as a result of the Log4j vulnerability or are seeking remediation, we encourage you to employ all recommended mitigations and follow guidance from CISA.

If you think your organization has been compromised as a result of the Log4j vulnerability, visit to report to the FBI. Please include as much information as possible to assist the FBI and CISA in determining prioritization for victim outreach.

Due to the potential scale of this incident, the FBI and CISA may be unable to respond to each victim individually, but all information we receive will be useful in countering this threat. As always, we stand ready to assist any impacted entities.