China Caught Dropping RAT Designed for FortiGate Devices

February 8, 2024 at 09:08AM

The Dutch Military Intelligence and Security Service (MIVD) uncovered a potent new malware strain called “Coathanger” being used by Chinese state-sponsored threat actors. It targets FortiGate devices and was deployed to spy on the Dutch Ministry of Defense in 2023. The report advises regular risk analysis and patching for edge devices due to their vulnerability.

According to the report, the Dutch military intelligence service has uncovered a new and persistent malware strain called “Coathanger,” being used by the Chinese government as part of a wider political espionage campaign. The malware was used to spy on the Dutch Ministry of Defense in 2023 and is delivered through a known vulnerability in Fortinet’s FortiGate devices (CVE-2022-42475). The malware is stealthy and persistent, capable of surviving reboots and firmware upgrades.

The report highlights that Coathanger does not exploit a new zero-day vulnerability but is deployed as a second-stage malware and could potentially be used with any future vulnerabilities in FortiGate devices. It is part of a wider campaign targeting Internet-facing edge devices including firewalls, VPN servers, and email servers.

To mitigate the risk of Coathanger and similar threats, intelligence analysts recommend performing regular risk analysis on edge devices, limiting Internet access on these devices, scheduled logging analysis, and replacing any hardware that is no longer supported. Additionally, it’s essential for businesses to stay vigilant and promptly apply patches for known vulnerabilities, as Fortinet devices are popular targets for cyberattacks.
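The “scheduled logging analysis” and “limiting Internet access” recommendations above are easy to state but rarely shown in practice. The following is an added example, not code from the article or from the MIVD report, of a small review script that a defender could run on a schedule over exported FortiGate-style logs. The key=value log format, the field names, the allow-listed destination range and the sample log lines are all constructed assumptions for this illustration; real FortiGate log fields should be checked against the vendor's log reference before relying on them. It flags two things: traffic originating from the firewall's own addresses to destinations outside an egress allow-list, and administrative configuration edits.

```python
"""Scheduled log review for a FortiGate-style edge device (added example).

Parses key=value syslog lines and reports:
  * egress from the device's own interfaces to non-allow-listed destinations
    (an edge device should only talk to a short list of vendor/update hosts)
  * administrative configuration changes, which deserve a second look

Log format, field names, address ranges and sample lines are constructed
for this example and are not taken from the MIVD report or a real device.
"""
import re
from ipaddress import ip_address, ip_network

# Assumed: destinations the firewall itself may reach (e.g. vendor update hosts).
ALLOWED_EGRESS = [ip_network("203.0.113.0/24")]   # placeholder documentation range

# Assumed: addresses belonging to the firewall's own interfaces.
DEVICE_ADDRESSES = [ip_network("192.0.2.0/29")]   # placeholder documentation range

# Matches key=value pairs; values may be double-quoted and contain spaces.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Turn one key=value log line into a dict, stripping surrounding quotes."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}


def _in_any(addr, networks):
    """True if addr parses as an IP and falls inside any of the given networks."""
    try:
        ip = ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in networks)


def review(lines):
    """Return a list of (finding_type, who/source, what/destination) tuples."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        # Finding 1: the device itself reaching out somewhere it should not.
        if rec.get("type") == "traffic" and "srcip" in rec and "dstip" in rec:
            if _in_any(rec["srcip"], DEVICE_ADDRESSES) and not _in_any(rec["dstip"], ALLOWED_EGRESS):
                findings.append(("device_egress", rec["srcip"], rec["dstip"]))
        # Finding 2: an administrative configuration edit (field names assumed).
        if rec.get("type") == "event" and rec.get("subtype") == "system" and rec.get("action") == "edit":
            findings.append(("config_change", rec.get("user", "?"), rec.get("cfgpath", "?")))
    return findings


# Constructed sample lines in the assumed format (not real device output).
SAMPLE_LOGS = [
    'date=2024-02-01 time=03:14:07 type=traffic subtype=local srcip=192.0.2.2 dstip=203.0.113.10 dstport=443 action=accept',
    'date=2024-02-01 time=03:14:09 type=traffic subtype=local srcip=192.0.2.2 dstip=198.51.100.77 dstport=443 action=accept',
    'date=2024-02-01 time=03:15:00 type=traffic subtype=forward srcip=10.0.0.5 dstip=198.51.100.77 dstport=443 action=accept',
    'date=2024-02-01 time=03:20:41 type=event subtype=system user="admin" ui="ssh(198.51.100.9)" action=edit cfgpath="system.admin" msg="Edit system.admin"',
]

if __name__ == "__main__":
    for finding in review(SAMPLE_LOGS):
        print(*finding)
```

On the constructed sample, the first line is allow-listed vendor traffic and the third is ordinary user traffic through the firewall, so only the device's own connection to 198.51.100.77 and the admin configuration edit are reported. In a real deployment the allow-list and device ranges come from the change record for the device, and the script would be fed the previous day's exported logs by a scheduler rather than an inline list.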
