Chinese hackers breached 20,000 FortiGate systems worldwide


June 11, 2024 at 12:28PM

The Dutch Military Intelligence and Security Service (MIVD) has warned of the significant impact of a Chinese cyber-espionage campaign. By exploiting a critical vulnerability in FortiOS/FortiProxy while it was still a zero-day, the attackers infected 14,000 devices belonging to governments, international organizations and defense-industry companies. On compromised devices they deployed a remote access trojan that gives them persistent access, and in total they breached at least 20,000 FortiGate systems worldwide.

Key takeaways:

– The Dutch Military Intelligence and Security Service (MIVD) warned about the significant impact of a Chinese cyber-espionage campaign that exploited a critical FortiOS/FortiProxy vulnerability (CVE-2022-42475) to deploy malware on vulnerable FortiGate network security appliances.

– The campaign targeted (Western) governments, international organizations, and companies in the defense industry; the attackers infected 14,000 devices during the period in which the vulnerability was still a zero-day, before a patch was available.

– The attackers used the Coathanger remote access trojan (RAT) malware, which was found on a Dutch Ministry of Defence network used for unclassified projects, but network segmentation prevented further access.

– The malware gives the attackers persistent access: it remains in place after FortiOS security updates and survives system reboots and firmware upgrades, so patching alone does not evict it. This makes it a serious threat to victims globally.

– At least 20,000 FortiGate systems were breached. Because the Coathanger malware is difficult to detect and remove, the attackers are believed to still have access to many of them.

– Similar Chinese hacking campaigns targeting unpatched appliances have been disclosed, including the exploitation of vulnerabilities in SonicWall Secure Mobile Access (SMA) appliances.

These takeaways capture the key points related to the Chinese cyber-espionage campaign and its potential impact on various targets, the nature of the malware used, and the challenges associated with detecting and removing the threat.
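The practical consequence of a implant that survives patching is that asset owners cannot close the incident by confirming the current firmware is fixed; they have to find every device that ever ran an exploitable build while its SSL-VPN service was reachable and hunt for the implant there. The following triage script is an added example, not code from the article, from the MIVD/NCSC advisory, or from Fortinet. The affected-version ranges are reproduced from memory of Fortinet's advisory for CVE-2022-42475 and must be verified against the vendor text before use; the hostnames, version strings and build numbers in the sample inventory are constructed, and the assumption that SSL-VPN is the reachable attack surface (so a device that never enabled it is lower priority) is mine.

```python
"""Triage a FortiGate inventory for CVE-2022-42475 exposure.

Added example (not from the article, the advisory, or Fortinet). Because the
implant survives FortiOS updates, the useful question is not "is this device
patched now?" but "did it ever run an exploitable build while SSL-VPN was
reachable?".  Devices in that second group get an implant hunt even though
they are fully patched today.
"""
from __future__ import annotations

import re

# Affected FortiOS ranges (inclusive) for CVE-2022-42475 as I recall them from
# Fortinet's advisory; verify against the vendor text before relying on them.
AFFECTED_FORTIOS = [
    ((7, 2, 0), (7, 2, 2)),
    ((7, 0, 0), (7, 0, 8)),
    ((6, 4, 0), (6, 4, 10)),
    ((6, 2, 0), (6, 2, 11)),
    ((6, 0, 0), (6, 0, 15)),
]
ALL_AFFECTED_MAJORS = {5}  # every FortiOS 5.x release is listed as affected

# Matches the "v7.0.8,build0523" token in a `get system status` Version line.
VERSION_RE = re.compile(r"\bv(\d+)\.(\d+)\.(\d+)")


def parse_version(status_line: str) -> tuple[int, int, int]:
    """Extract (major, minor, patch) from a FortiOS status/version string."""
    m = VERSION_RE.search(status_line)
    if not m:
        raise ValueError(f"no FortiOS version found in {status_line!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_vulnerable(version: tuple[int, int, int]) -> bool:
    """True if this FortiOS build falls inside a published affected range."""
    if version[0] in ALL_AFFECTED_MAJORS:
        return True
    return any(lo <= version <= hi for lo, hi in AFFECTED_FORTIOS)


def classify(device: dict) -> str:
    """Return a triage verdict for one inventory record.

    device = {"host": str, "sslvpn": bool, "current": str, "history": [str]}
    'history' holds earlier Version lines (e.g. from upgrade logs or backups).
    Assumption (mine, not the article's): SSL-VPN is the reachable attack
    surface, so a device that never enabled it is low priority.
    """
    builds = [parse_version(v) for v in [device["current"], *device.get("history", [])]]
    now_vuln = is_vulnerable(builds[0])
    ever_vuln = any(is_vulnerable(b) for b in builds)
    if not device["sslvpn"]:
        return "low-priority: SSL-VPN never enabled"
    if now_vuln:
        return "patch-now: still running an exploitable build"
    if ever_vuln:
        return "hunt-for-implant: patched now, but ran an exploitable build"
    return "not-exposed: never ran an affected build"


def triage(inventory: list[dict]) -> dict[str, str]:
    """Map hostname -> verdict for a whole inventory."""
    return {d["host"]: classify(d) for d in inventory}


# Constructed sample inventory: hostnames, versions and build numbers are invented.
SAMPLE_INVENTORY = [
    {"host": "fgt-edge-01", "sslvpn": True,
     "current": "FortiGate-100F v7.0.8,build0523,221017 (GA.F)", "history": []},
    {"host": "fgt-edge-02", "sslvpn": True,
     "current": "FortiGate-100F v7.0.12,build0800,230510 (GA.F)",
     "history": ["FortiGate-100F v7.0.7,build0367,220922 (GA.F)"]},
    {"host": "fgt-lab-03", "sslvpn": False,
     "current": "FortiGate-60E v6.4.9,build1966,220202 (GA)", "history": []},
    {"host": "fgt-edge-04", "sslvpn": True,
     "current": "FortiGate-200F v7.2.5,build1517,230614 (GA.F)",
     "history": ["FortiGate-200F v7.2.4,build1396,230131 (GA.F)"]},
]

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{host:12} {verdict}")
```

The second sample device is the case the article is really about: it runs a fixed build today, but its upgrade history shows it sat on 7.0.7 with SSL-VPN enabled, so it is flagged for an implant hunt rather than marked clean. Feed the script the version history from backups or upgrade logs rather than only the current `get system status` output; the current version alone cannot tell you whether the device was exposed during the zero-day window.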
