Chinese Hackers Exploit Firewall Bug to Hit Targets With ‘Coathanger’ Malware – PCMag UK

Chinese hackers breached 20,000 Fortinet FortiGate systems worldwide in 2022 and 2023 and used that access to target Western governments and private defense companies.

FortiGate is Fortinet’s firewall and network security platform. In February, the company confirmed a vulnerability that hackers exploited to install “Coathanger” malware and infiltrate government, service provider, consultancy, manufacturing, and large critical infrastructure organizations.

As BleepingComputer reports, the Dutch Military Intelligence and Security Service (MIVD) found that the hackers attempted to run a “political espionage campaign targeting the Netherlands and its allies.” In a two-month period prior to FortiGate’s disclosure, hackers infected at least 14,000 devices, according to the MIVD.

In the months since, an investigation from MIVD and the Dutch National Cyber Security Center (NCSC) “has shown that the Chinese cyber espionage campaign appears to be much more extensive than previously known.” They’re calling for “extra attention to this campaign.”

Coathanger malware can stay on a device even after a security update, giving the Chinese hackers “permanent access to the systems.”

“It is not known how many victims actually have malware installed,” according to the MIVD and NCSC. “The NCSC and the Dutch intelligence services therefore state that it is likely that the state actor still has access to systems of a significant number of victims.” This could lead to further and expanded attacks, such as stealing data.

The attack builds on a recent trend the NCSC and Dutch intelligence services say they have been seeing for “some time,” which targets publicly accessible edge devices such as firewalls, VPN servers, routers, and email servers.
