The Dutch Military Intelligence and Security Service (MIVD) warns that a Chinese cyber-espionage campaign is more extensive than previously assessed. The campaign, which exploited vulnerabilities in FortiGate devices, was active for at least two months before Fortinet’s announcement. During this period, over 14,000 devices, including those of Western governments, international organizations, and defense companies, were compromised.
The hackers, identified as state-sponsored, infiltrated the Dutch Ministry of Defence’s internal network and deployed a remote access trojan (RAT) named COATHANGER. Although a technical report on COATHANGER has been published, infections remain challenging to detect and remove. MIVD continues to investigate and has discovered that the attackers gained access to at least 20,000 FortiGate systems worldwide in 2022 and 2023, raising concerns of prolonged unauthorized access.
The National Cyber Security Centre (NCSC) and Dutch intelligence services emphasize the likelihood of the state actor retaining access to numerous victim systems. This persistence underscores the ongoing threat posed by the cyber-espionage campaign. The alert serves as a stark reminder of the evolving tactics and capabilities of state-sponsored threat actors in cyberspace, necessitating heightened vigilance and robust cybersecurity measures to defend against such sophisticated attacks.