
Episode 535: Dan Lorenc on Supply Chain Attacks
Software Engineering Radio - the podcast for professional software developers
How Log4j Was Exploited in the Wild
The US government did a postmortem on the overall attack. It found that nothing terribly serious happened, which is somewhat surprising in the immediate wake of the attack. But I think this is one where we're going to see a long-tail fallout. This exploit is so simple to do that it's just going to sit there in every attacker's toolbox. And as they try to laterally move inside organizations, they'll test everything they can find against Log4Shell.