
National security breached: Chinese hackers infiltrate Dutch MOD

The cyber incursion undermines the integrity of Dutch systems and raises global security issues

Chinese hackers used malware called "Coathanger" to infiltrate Dutch Ministry of Defense systems through Fortinet devices, but the attack was limited.


Recent investigations by the Dutch Military Intelligence and Security Service (MIVD) and the General Intelligence and Security Service (AIVD) have brought to light that a Chinese state-sponsored hacking group breached a network of the Dutch Ministry of Defense (MOD) last year. The attackers installed a previously unknown remote access trojan (RAT), nicknamed "Coathanger", on Fortinet devices used by the MOD. According to the services, the impact of the attack was contained because the affected network was segmented from other MOD networks.

The "Coathanger" malware identified by Dutch intelligence

The RAT in question, Coathanger, was built specifically for Fortinet's FortiGate appliances. It is notable for its persistence: it survives both system reboots and firmware updates. It also hides itself by hooking the system calls that would reveal its presence, so that standard FortiGate CLI commands do not show the malicious process or files, which makes it particularly insidious. The attackers gained initial access by exploiting a critical unauthenticated remote code execution vulnerability in FortiGate devices (CVE-2022-42475); after installing Coathanger, they performed reconnaissance of the network and exfiltrated a list of user accounts from an Active Directory server.

Attribution of the attack and geopolitical implications

The attack on the MOD and the development of Coathanger were attributed "with high confidence" to a threat actor sponsored by the government of the People's Republic of China. Dutch authorities do not consider this episode an isolated event but rather part of a wider Chinese political espionage campaign directed against the Netherlands and its allies. State-sponsored actors are increasingly exploiting vulnerabilities in internet-exposed edge devices, which are often not covered by endpoint detection and are therefore attractive footholds.

Tips for defending computer systems

MIVD and AIVD published recommendations on mitigation and protection for organizations using FortiGate devices: promptly install security updates, disable features that are not needed, limit access to the devices by disabling unnecessary services and ports and by not exposing the management interface to the internet, and monitor the event logs for anomalous activity.
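The last recommendation, monitoring event logs, is the one most easily automated. The following is an added example (not code from the MIVD/AIVD advisory or from Fortinet): a small detector that reads FortiGate-style key="value" event log lines and flags two of the things a defender would want to see after reading about Coathanger: administrator logins from source addresses outside an allowlist of management networks, and sensitive system actions such as firmware upgrades. The sample log lines, the allowlisted network 10.20.0.0/24, and the set of actions treated as sensitive are all constructed assumptions for this example.

```python
"""Added example: scan FortiGate-style event logs for suspicious admin activity.

Not part of the MIVD/AIVD advisory; the log lines, the allowlisted
management network and the list of sensitive actions are assumptions
made for this illustration.
"""

import ipaddress
import re

# Constructed sample lines in FortiGate's key="value" syslog layout.
SAMPLE_LOGS = [
    'date=2024-02-06 time=08:12:01 devname="fw-edge-01" type="event" subtype="system" '
    'level="notice" logid="0100032001" user="admin" ui="https(10.20.0.15)" action="login" '
    'status="success" msg="Administrator admin logged in successfully from https(10.20.0.15)"',
    'date=2024-02-06 time=02:47:33 devname="fw-edge-01" type="event" subtype="system" '
    'level="notice" logid="0100032001" user="admin" ui="ssh(198.51.100.23)" action="login" '
    'status="success" msg="Administrator admin logged in successfully from ssh(198.51.100.23)"',
    'date=2024-02-06 time=02:49:10 devname="fw-edge-01" type="event" subtype="system" '
    'level="notice" logid="0100032102" user="admin" ui="ssh(198.51.100.23)" action="upgrade" '
    'status="success" msg="Firmware upgrade initiated"',
    'date=2024-02-06 time=09:00:00 devname="fw-edge-01" type="event" subtype="system" '
    'level="warning" logid="0100032002" user="admin" ui="https(203.0.113.9)" action="login" '
    'status="failed" msg="Administrator admin login failed from https(203.0.113.9)"',
]

# Assumption: management access is only legitimate from this internal network.
ALLOWED_MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24")]

# Assumption: these action values indicate changes worth a second look,
# because an implant that survives firmware updates is exactly what Coathanger does.
SENSITIVE_ACTIONS = {"upgrade", "restore", "reboot"}

# key=value pairs; values are either double-quoted (may contain spaces) or bare.
KV_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')
# The source address appears inside parentheses in the "ui" field, e.g. https(10.20.0.15).
UI_IP_RE = re.compile(r"\(([\d.]+)\)")


def parse_line(line):
    """Turn one FortiGate log line into a dict of field -> value."""
    return {
        m.group(1): m.group(3) if m.group(3) is not None else m.group(4)
        for m in KV_RE.finditer(line)
    }


def source_ip(record):
    """Extract the client address from the "ui" field, or None if absent."""
    match = UI_IP_RE.search(record.get("ui", ""))
    return ipaddress.ip_address(match.group(1)) if match else None


def is_allowed(ip):
    """True only if the address falls inside an allowlisted management network."""
    return ip is not None and any(ip in net for net in ALLOWED_MGMT_NETS)


def analyse(lines):
    """Return a list of (rule, time, source_ip, detail) tuples for suspicious events."""
    alerts = []
    for line in lines:
        rec = parse_line(line)
        # Only system events carry admin logins and firmware/config actions.
        if rec.get("type") != "event" or rec.get("subtype") != "system":
            continue
        ip = source_ip(rec)
        action = rec.get("action")
        # Any admin login attempt (successful or not) from outside the allowlist.
        if action == "login" and not is_allowed(ip):
            alerts.append(("admin_login_outside_allowlist", rec["time"], str(ip), rec.get("status")))
        # Firmware upgrades, config restores and reboots, wherever they come from.
        if action in SENSITIVE_ACTIONS:
            alerts.append(("sensitive_system_action", rec["time"], str(ip), action))
    return alerts


if __name__ == "__main__":
    for alert in analyse(SAMPLE_LOGS):
        print(alert)
```

On the constructed input the detector produces three alerts: the 02:47 SSH login from 198.51.100.23, the firmware upgrade started two minutes later from the same address, and the failed login from 203.0.113.9. The first two together are the pattern to escalate: an administrative session from an unexpected source followed by a system-level change. In production you would feed the real syslog stream in instead of `SAMPLE_LOGS` and tune the allowlist and action set to your environment.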


02/07/2024 15:08

Editorial AI
