CVE-2022-42475: China becomes a major threat to global security systems

Tomcat

Dutch intelligence is investigating the hacking of 20,000 FortiGate systems worldwide.

The Dutch Military Intelligence and Counterintelligence Service (MIVD) warns that China's global cyber espionage campaign is likely "much more extensive than previously known." This is evidenced by an alert published on Monday by the country's National Cyber Security Center (NCSC).

According to the NCSC, the government hackers behind the operation exploited the CVE-2022-42475 vulnerability in FortiGate devices for at least two months before Fortinet announced its discovery.

During the so-called "zero-day period", about 14,000 devices were infected. The targets included "dozens of (Western) governments, international organizations, and a large number of defense industry companies."

MIVD and the Dutch Electronic Intelligence Service AIVD said in a joint statement last year that the cyber espionage campaign described above allowed Chinese hackers to break into the internal computer network used by the Dutch Ministry of Defense.

After gaining access to the Defense Ministry's network, the attackers deployed a remote access trojan (RAT) called COATHANGER. It was used to gather intelligence about an isolated computer network and steal a list of user accounts from an Active Directory server. Since this system was autonomous, it did not cause damage to the main networks of the department.

According to a new report, following the release of last year's announcement, MIVD continued its investigation and found that hackers "gained access to at least 20,000 FortiGate systems worldwide over several months in 2022 and 2023."

According to the agency, the exact number of victims on whose systems the COATHANGER malware was installed is unknown. Despite the fact that the technical report on the Trojan has already been released, it will be quite difficult to identify and neutralize the threat now. Thus, the state actor probably still has access to the systems of a significant number of victims.
 