Chinese Hackers Exploit Firewall Vulnerability to Deploy ‘Coathanger’ Malware

Updated on June 14, 2024



Chinese hackers breached 20,000 Fortinet FortiGate systems worldwide in 2022 and 2023, using this access to target Western governments and private defense companies in a scheme described as “much more extensive than previously known.”

FortiGate is Fortinet’s firewall and network security platform. In February, the company confirmed a vulnerability that hackers exploited to install “Coathanger” malware, infiltrating government bodies, service providers, consultancies, manufacturers, and large critical infrastructure organizations.


As reported by BleepingComputer, the Dutch Military Intelligence and Security Service (MIVD) discovered that the hackers ran a “political espionage campaign targeting the Netherlands and its allies.” In a two-month period prior to Fortinet’s disclosure, hackers infected at least 14,000 devices, according to the MIVD.

Subsequent investigations by the MIVD and the Dutch National Cyber Security Center (NCSC) revealed that the Chinese cyber espionage campaign is far more extensive than initially thought. They are calling for “extra attention to this campaign.”


Coathanger malware can persist on a device even after a security update, granting the Chinese hackers “permanent access to the systems.”

“It is not known how many victims actually have malware installed,” according to the MIVD and NCSC. They state it is likely that the state actor still has access to systems of a significant number of victims, potentially leading to further attacks, such as data theft.

The attack highlights a recent trend noted by the NCSC and Dutch intelligence services, where publicly accessible edge devices like firewalls, VPN servers, routers, and email servers are increasingly targeted.


Sandhya Goswami

Sandhya is a contributing author at Cloudways, specializing in content promotion and performance analysis. With a strong analytical approach and a keen ability to leverage data-driven insights, Sandhya excels in measuring the success of organic marketing initiatives.
