Wednesday, February 14, 2024

Chinese Hackers Infect Dutch Military Network



Why do you have to have solid vulnerability and patch management processes?

Well, the answer is quite easy: to avoid being hacked.


Part of the Dutch military network was hacked by Chinese hackers using a FortiGate firewall vulnerability that was first detected in October 2022 (CVE-2022-42475, FortiOS SSL-VPN). The damage was limited thanks to the network segmentation in the network design.


https://bit.ly/3uwhqN7


"A Chinese cyber-espionage group breached the Dutch Ministry of Defence last year and deployed malware on compromised devices, according to the Military Intelligence and Security Service (MIVD) of the Netherlands."


"During the follow-up investigation, a previously unknown malware strain named Coathanger, a remote access trojan (RAT) designed to infect Fortigate network security appliances, was also discovered on the breached network."


"Even fully patched FortiGate devices may therefore be infected, if they were compromised before the latest patch was applied.


The malware operates stealthily and persistently, hiding itself by intercepting system calls to avoid revealing its presence. It also persists through system reboots and firmware upgrades."


"While the attacks weren't attributed to a specific threat group, MIVD linked this incident with high confidence to a Chinese state-sponsored hacking group and added that this malicious activity is part of a broader pattern of Chinese political espionage targeting the Netherlands and its allies."


"'For the first time, the MIVD has chosen to make public a technical report on the working methods of Chinese hackers. It is important to attribute such espionage activities by China,' said Defense Minister Kajsa Ollongren."

