AI DevwWrld CyberDSA Chatbot Summit Cyber Revolution Summit CYSEC Global Cyber Security & Cloud Expo World Series Digital Identity & Authentication Summit Asian Integrated Resort Expo Middle East Low Code No Code Summit TimeAI Summit

National security breached: chinese hackers infiltrate Dutch MOD

The cyber incursion undermines the integrity of Dutch systems and raises global security issues

Chinese hackers used malware called "Coathanger" to infiltrate Dutch Ministry of Defense systems through Fortinet devices, but the attack was limited.

This pill is also available in Italian language

Recent investigations conducted by the Dutch military and security intelligence services (MIVD and AIVD) have brought to light that a Chinese state-sponsored hacking group breached the system of the Dutch Ministry of Defense (MOD) last year. Hackers have introduced a new remote access trojan (RAT), nicknamed "Coathanger", into Fortinet devices used by the MOD. Reports indicate that the impact of the attack was contained by segmenting the affected network from other MOD networks.

The "Coathanger" malware identified by Dutch 007s

The RAT in question, called Coathanger, was designed to specifically target Fortinet's FortiGate appliances. This malware stands out for its persistent nature, being able to resist both system reboots and firmware updates, injecting itself into system processes. Furthermore, its ability to evade detection using standard FortiGate CLI commands makes it particularly insidious. Attackers exploited a critical unauthenticated remote code execution vulnerability (CVE-2022-42475) in FortiGate devices to gain access and, after installing Coathanger, performed reconnaissance activities and stole data from Active Directory servers.

Attribution of the attack and geopolitical implications

The attack on the MOD and the development of Coathanger were attributed "with high confidence" to a threat actor sponsored by the government of the People's Republic of China. This episode is considered by Dutch authorities not to be an isolated event but rather a component of a larger Chinese political espionage campaign directed against the Netherlands and its allies. The trend of state-sponsored hackers exploiting vulnerabilities in edge devices exposed on the internet is a growing practice.

Tips for defending computer systems

MIVD and AIVD provided recommendations on mitigation and protection methods for organizations using FortiGate devices, advising to promptly implement security updates, disable unnecessary features, limit access to devices by disabling unnecessary services, ports and l management interface from the internet, as well as monitoring event logs for anomalous activity.

Follow us on Facebook for more pills like this

02/07/2024 15:08

Marco Verro

Last pills

Zero-day threat on Android devices: Samsung prepares a crucial updateFind out how Samsung is addressing critical Android vulnerabilities and protecting Galaxy devices from cyber threats

CrowdStrike: how a security update crippled the tech worldGlobal impact of a security update on banking, transportation and cloud services: what happened and how the crisis is being addressed

Checkmate the criminal networks: the Interpol operation that reveals the invisibleFind out how Operation Interpol exposed digital fraudsters and traffickers through extraordinary global collaboration, seizing luxury goods and false documents

Google Cloud security predictions for 2024: how AI will reshape the cybersecurity landscapeFind out how AI will transform cybersecurity and address geopolitical threats in 2024 according to Google Cloud report