China’s FortiGate attacks more extensive than first thought

June 12, 2024 at 10:06AM

The Netherlands’ cybersecurity agency revealed an extensive Chinese state-sponsored malware attack on FortiGate systems that compromised at least 20,000 units and affected Western governments, defense companies, and international organizations. The Coathanger malware provided persistent access and is distinct from other RATs. Dutch intelligence suspects that China retains control over infected systems worldwide, highlighting the vulnerability of edge devices.

Key Takeaways:

1. The cyber attack on the Ministry of Defense in the Netherlands was more extensive than initially reported, with Chinese state-sponsored attackers compromising at least 20,000 FortiGate systems.
2. The attackers utilized a stealthy malware called Coathanger, named after a peculiar phrase displayed during its encryption process, which was specifically designed for compromised FortiGate firewalls.
3. The attack exploited a critical buffer overflow bug, CVE-2022-42475, in FortiOS SSL-VPN to gain remote code execution, which allowed the attackers to establish persistent access that survived even after updates were installed.
4. Dutch intelligence believes a significant number of infected systems remain under the control of the Chinese attackers, with potential to expand access to hundreds of victims worldwide and steal data.
5. The attack underscores the increasing trend of targeting edge services, such as Fortinet’s firewalls, due to their inherent security challenges and vulnerability to exploitation.
