
National security breached: Chinese hackers infiltrate Dutch MOD

The cyber incursion undermines the integrity of Dutch systems and raises global security issues

Chinese hackers used malware called "Coathanger" to infiltrate Dutch Ministry of Defense systems through Fortinet devices, but the attack was limited.


Recent investigations conducted by the Dutch military and security intelligence services (MIVD and AIVD) have brought to light that a Chinese state-sponsored hacking group breached the systems of the Dutch Ministry of Defense (MOD) last year. The hackers introduced a new remote access trojan (RAT), nicknamed "Coathanger", into Fortinet devices used by the MOD. Reports indicate that the impact of the attack was contained because the affected network was segmented from other MOD networks.

The "Coathanger" malware identified by Dutch 007s

The RAT in question, called Coathanger, was designed to specifically target Fortinet's FortiGate appliances. This malware stands out for its persistent nature, being able to resist both system reboots and firmware updates, injecting itself into system processes. Furthermore, its ability to evade detection using standard FortiGate CLI commands makes it particularly insidious. Attackers exploited a critical unauthenticated remote code execution vulnerability (CVE-2022-42475) in FortiGate devices to gain access and, after installing Coathanger, performed reconnaissance activities and stole data from Active Directory servers.

Attribution of the attack and geopolitical implications

The attack on the MOD and the development of Coathanger were attributed "with high confidence" to a threat actor sponsored by the government of the People's Republic of China. This episode is considered by Dutch authorities not to be an isolated event but rather a component of a larger Chinese political espionage campaign directed against the Netherlands and its allies. The trend of state-sponsored hackers exploiting vulnerabilities in edge devices exposed on the internet is a growing practice.

Tips for defending computer systems

MIVD and AIVD provided recommendations on mitigation and protection for organizations using FortiGate devices: promptly install security updates, disable unnecessary features, limit access to the devices by disabling unnecessary services and ports and by not exposing the management interface to the internet, and monitor event logs for anomalous activity.
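To make that advice concrete, the following is an added FortiOS CLI example (not taken from the MIVD/AIVD report or the original article) that shows an internet-facing interface with management protocols exposed, then the hardened form that removes them from the WAN side, pins administrative logins to a trusted internal subnet, and ships event logs off the appliance. The interface names "wan1" and "internal", the admin account name, the 10.0.10.0/24 subnet and the collector address are assumptions for illustration.

```fortios
# Weak: management protocols are answered on the internet-facing interface
config system interface
    edit "wan1"
        set allowaccess ping https ssh http
    next
end

# Hardened: no management protocols on the WAN interface;
# administration is reachable only from the internal interface (assumed name)
config system interface
    edit "wan1"
        set allowaccess ping
    next
    edit "internal"
        set allowaccess ping https ssh
    next
end

# Pin the admin account to a trusted subnet (assumed 10.0.10.0/24);
# logins from any other source address are refused even on allowed interfaces
config system admin
    edit "admin"
        set trusthost1 10.0.10.0 255.255.255.0
    next
end

# Forward event logs to an external collector (assumed 10.0.10.50) so that
# an implant hiding from the device's own CLI cannot also erase the evidence
config log syslogd setting
    set status enable
    set server "10.0.10.50"
end
```

Reviewing the `allowaccess` lines of every interface that carries a public address is a quick way to confirm no management service is still reachable from the internet after the change.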


02/07/2024 15:08

Editorial AI
