Chinese state-backed hackers broke into a computer network used by the Dutch armed forces by targeting Fortinet FortiGate devices.
The Dutch Military Intelligence and Security Service (MIVD) said in a statement, “This [computer network] was used for unclassified research and development (R&D).” “Because this system was self-contained, it did not lead to any damage to the defense network.” The network had fewer than 50 users.
The intrusion, which took place in 2023, leveraged a known critical security flaw in FortiOS SSL-VPN (CVE-2022-42475, CVSS score: 9.3) that allows an unauthenticated attacker to execute arbitrary code via specially crafted requests.
The successful exploitation of the flaw paved the way for the deployment of a backdoor dubbed COATHANGER from an actor-controlled server, designed to grant persistent remote access to the compromised appliances.
The Dutch National Cyber Security Centre (NCSC) said, “COATHANGER malware is stealthy and persistent. It hides itself by hooking system calls that could reveal its presence. It survives reboots and firmware upgrades.”
COATHANGER is distinct from BOLDMOVE, another backdoor linked to a suspected China-based threat actor that’s known to have exploited CVE-2022-42475 as a zero-day in attacks targeting a European government entity and a Managed Service Provider (MSP) located in Africa as early as October 2022.
This is the first time the Netherlands has publicly attributed a cyber espionage campaign to China. Reuters, which broke the story, said the malware is named after a code snippet containing a line from “Lamb to the Slaughter,” a short story by British writer Roald Dahl.
The disclosure also comes days after US authorities took steps to dismantle a botnet made up of Cisco and NetGear routers that was used by Chinese threat actors such as Volt Typhoon to conceal the origin of malicious traffic.
Last year, Google-owned Mandiant revealed that a China-nexus cyber espionage group tracked as UNC3886 exploited zero-days in Fortinet appliances to deploy THINCRUST and CASTLETAP implants for executing arbitrary commands received from a remote server and exfiltrating sensitive data.