
National security breached: Chinese hackers infiltrate Dutch MOD

The intrusion compromised the integrity of Dutch defence systems and raises security concerns well beyond the Netherlands

Chinese hackers used malware called "Coathanger" to infiltrate Dutch Ministry of Defense systems through Fortinet FortiGate devices; network segmentation kept the impact of the attack limited.


Recent investigations by the Dutch military and general intelligence and security services (MIVD and AIVD) revealed that a Chinese state-sponsored hacking group breached a network of the Dutch Ministry of Defense (MOD) in 2023. The attackers deployed a previously unknown remote access trojan (RAT), dubbed "Coathanger", on Fortinet devices used by the MOD. According to the services, the impact of the attack was contained because the affected network was segmented from other MOD networks.

The "Coathanger" malware identified by Dutch intelligence

The RAT in question, Coathanger, was built specifically for Fortinet's FortiGate appliances. It stands out for its persistence: by injecting itself into system processes it survives both reboots and firmware updates. It is also stealthy, hiding itself from the checks an administrator would run through the standard FortiGate CLI, which makes it particularly insidious. To gain a foothold the attackers exploited CVE-2022-42475, a critical unauthenticated remote code execution vulnerability in FortiGate devices; after installing Coathanger they carried out reconnaissance and exfiltrated data from Active Directory servers.

Attribution of the attack and geopolitical implications

The attack on the MOD and the development of Coathanger were attributed "with high confidence" to a threat actor sponsored by the government of the People's Republic of China. Dutch authorities regard the episode not as an isolated event but as one component of a broader Chinese political espionage campaign directed against the Netherlands and its allies. State-sponsored actors exploiting vulnerabilities in internet-exposed edge devices is a growing trend.

Tips for defending computer systems

MIVD and AIVD issued mitigation and protection recommendations for organizations running FortiGate devices: apply security updates promptly, disable unused features, restrict access to the devices by disabling unnecessary services and ports and by keeping the management interface off the internet, and monitor event logs for anomalous activity. Because Coathanger persists across reboots and firmware updates, patching alone will not evict an implant that is already in place; devices that were reachable while vulnerable should also be examined for signs of compromise.
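The last of those recommendations, monitoring event logs for anomalous activity, is the one most easily shown in code. The script below is an added example, not code from the article or from the MIVD/AIVD advisory. It parses log lines modelled on FortiGate's key=value syslog format (field names such as logdesc, user, srcip, action and status follow that format) and flags three things the recommendations imply should never happen: an administrator login from outside the trusted management network, any login attempt that proves the management plane answers to the internet, and a configuration change from an untrusted source. The sample lines, the device name, the addresses and the trusted and internal network ranges are all constructed assumptions for the example.

```python
import ipaddress
import re

# Constructed sample lines modelled on FortiGate's key="value" event-log format.
# The device name, addresses and timestamps are invented for this example.
SAMPLE_LOG = """\
date=2024-02-06 time=09:12:04 devname="fw-edge" type="event" subtype="system" level="information" logdesc="Admin login successful" user="admin" ui="https(10.0.100.15)" srcip=10.0.100.15 action="login" status="success" msg="Administrator admin logged in successfully from https(10.0.100.15)"
date=2024-02-06 time=09:14:51 devname="fw-edge" type="event" subtype="system" level="information" logdesc="Admin login successful" user="admin" ui="ssh(198.51.100.77)" srcip=198.51.100.77 action="login" status="success" msg="Administrator admin logged in successfully from ssh(198.51.100.77)"
date=2024-02-06 time=09:15:02 devname="fw-edge" type="event" subtype="system" level="alert" logdesc="Admin login failed" user="root" ui="https(203.0.113.9)" srcip=203.0.113.9 action="login" status="failed" msg="Administrator root login failed from https(203.0.113.9)"
date=2024-02-06 time=09:20:33 devname="fw-edge" type="event" subtype="system" level="information" logdesc="Object attribute configured" user="admin" ui="ssh(198.51.100.77)" srcip=198.51.100.77 action="Edit" cfgpath="system.admin" msg="Edit system.admin"
date=2024-02-06 time=09:21:10 devname="fw-edge" type="traffic" subtype="forward" srcip=10.0.5.20 dstip=10.0.9.7 action="accept" msg="traffic"
"""

# Assumptions for the example: the only network that should ever reach the
# management interface, and the address space that counts as "internal".
TRUSTED_MGMT_NETS = [ipaddress.ip_network("10.0.100.0/24")]
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# key=value pairs; values are either double-quoted (may contain spaces) or bare.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_line(line):
    """Split one key=value log line into a dict; values may be quoted or bare."""
    return {key: quoted or bare for key, quoted, bare in FIELD_RE.findall(line)}


def in_any(ip, nets):
    """True if the address falls inside any of the given networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)


def find_anomalies(log_text):
    """Return one finding dict per rule hit over the system event records."""
    findings = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec.get("type") != "event" or rec.get("subtype") != "system":
            continue  # only admin/system events matter for these rules
        src = rec.get("srcip")
        if not src:
            continue
        base = {"time": rec.get("time"), "user": rec.get("user"), "srcip": src}
        is_login = rec.get("action") == "login"
        trusted = in_any(src, TRUSTED_MGMT_NETS)
        if is_login and not trusted:
            # A successful login from an unexpected source is the serious case;
            # a failed one is still worth knowing about.
            sev = "high" if rec.get("status") == "success" else "medium"
            findings.append({"rule": "admin-login-untrusted-source", "severity": sev, **base})
        if is_login and not in_any(src, INTERNAL_NETS):
            # Even a failed login proves the management plane is reachable from
            # the internet, which the recommendations say it should not be.
            findings.append({"rule": "mgmt-reachable-from-internet", "severity": "high", **base})
        if rec.get("action") == "Edit" and not trusted:
            findings.append({"rule": "config-change-untrusted-source", "severity": "high",
                             "cfgpath": rec.get("cfgpath"), **base})
    return findings


if __name__ == "__main__":
    for f in find_anomalies(SAMPLE_LOG):
        print(f"{f['severity']:<6} {f['time']} {f['rule']:<30} user={f['user']} src={f['srcip']}")
```

On the constructed input the first login (from the trusted network) produces nothing, while the logins from 198.51.100.77 and 203.0.113.9 and the admin-object edit from 198.51.100.77 produce five findings in total. In production the trusted ranges would come from the same source of truth as the device's own trusted-host settings, and the rules would run over a log feed rather than an embedded string.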


02/07/2024 15:08

Editorial AI
