Chinese Hackers Exploited FortiGate Flaw to Breach Dutch Military Network

Chinese state-backed hackers broke into a computer network used by the Dutch armed forces by targeting Fortinet FortiGate devices.

The Dutch Military Intelligence and Security Service (MIVD) said in a statement, "This [computer network] was used for unclassified research and development (R&D)." "Because this system was self-contained, it did not lead to any damage to the defense network." The network had fewer than 50 users.

The intrusion, which took place in 2023, leveraged a known critical security flaw in FortiOS SSL-VPN (CVE-2022-42475, CVSS score: 9.3) that allows an unauthenticated attacker to execute arbitrary code via specially crafted requests.

Successful exploitation of the flaw paved the way for the deployment of a backdoor dubbed COATHANGER from an actor-controlled server, designed to give persistent remote access to the compromised devices.

The Dutch National Cyber Security Centre (NCSC) said, "COATHANGER malware is stealthy and persistent." "It hides itself by hooking system calls that could reveal its presence. It survives reboots and firmware upgrades."
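The two preceding paragraphs point at a check and a caveat a defender needs together: first confirm whether a FortiGate is still running a FortiOS build exposed to CVE-2022-42475, then remember that, because the implant described here survives firmware upgrades, a patched version string does not by itself prove the device is clean. The following is an added example, not code from the article, the Dutch agencies or Fortinet. It parses the version line that the FortiOS CLI command `get system status` prints and compares it against the minimum fixed releases per branch; the version table is transcribed from Fortinet advisory FG-IR-22-398 and is an assumption to be verified against that advisory (FortiProxy and FortiOS-6K7K have separate tables). The sample CLI output is constructed.

```python
import re

# Minimum fixed FortiOS release per branch for CVE-2022-42475, transcribed from
# Fortinet advisory FG-IR-22-398. Assumption: verify against the advisory before
# relying on this table. FortiProxy and FortiOS-6K7K are not covered here.
FIXED_VERSIONS = {
    (7, 2): (7, 2, 3),
    (7, 0): (7, 0, 9),
    (6, 4): (6, 4, 11),
    (6, 2): (6, 2, 12),
    (6, 0): (6, 0, 16),
}

# Branches the advisory lists as affected in their entirety with no fixed
# release (end of life); the only remediation is moving to a supported branch.
UNFIXED_BRANCHES = {(5, 6), (5, 4), (5, 2), (5, 0)}

# Matches the version token FortiOS prints in `get system status`, e.g.
# "Version: FortiGate-100F v7.0.8,build0418,221024 (GA)".
VERSION_RE = re.compile(r"\bv(\d+)\.(\d+)\.(\d+)\b")


def parse_fortios_version(status_output):
    """Return (major, minor, patch) from `get system status` output, or None."""
    for line in status_output.splitlines():
        if line.strip().startswith("Version:"):
            match = VERSION_RE.search(line)
            if match:
                return tuple(int(part) for part in match.groups())
    return None


def assess_cve_2022_42475(version):
    """Classify a FortiOS (major, minor, patch) tuple against the fixed releases.

    Returns "vulnerable", "patched", "unfixed-branch" or "unknown-branch".
    """
    branch = version[:2]
    if branch in UNFIXED_BRANCHES:
        return "unfixed-branch"
    fixed = FIXED_VERSIONS.get(branch)
    if fixed is None:
        # Branches newer than 7.2 shipped after the fix; anything else not in
        # the table is left for a human to look up rather than guessed at.
        return "patched" if branch > (7, 2) else "unknown-branch"
    # Tuple comparison orders (7, 0, 8) below (7, 0, 9), as intended.
    return "patched" if version >= fixed else "vulnerable"


def triage(status_output):
    """Parse CLI output and return (version string, assessment)."""
    version = parse_fortios_version(status_output)
    if version is None:
        return (None, "unparsed")
    return ("%d.%d.%d" % version, assess_cve_2022_42475(version))


# Constructed sample output, not captured from a real device.
SAMPLE_STATUS = """\
Version: FortiGate-100F v7.0.8,build0418,221024 (GA)
Serial-Number: FGT00000000000000
"""

if __name__ == "__main__":
    # Expected: ('7.0.8', 'vulnerable'), since 7.0.8 is below the fixed 7.0.9.
    print(triage(SAMPLE_STATUS))
```

A "patched" result only means the SSL-VPN bug itself is closed on that build. It says nothing about whether the device was exploited before the upgrade, and an implant that survives reboots and firmware upgrades, as COATHANGER is described above, is not ruled out by a version string; that question needs the integrity checks and detection guidance published by Fortinet and the Dutch agencies rather than the output of the device's own CLI, which the malware's system-call hooking can falsify.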

COATHANGER is distinct from BOLDMOVE, another backdoor linked to a suspected China-based threat actor that is known to have exploited CVE-2022-42475 as a zero-day in attacks targeting a European government entity and a managed service provider (MSP) located in Africa as early as October 2022.

This is the first time the Netherlands has publicly attributed a cyber espionage campaign to China. Reuters, which broke the story, reported that the malware takes its name from a code snippet containing a line from "Lamb to the Slaughter", a short story by the British author Roald Dahl.

The disclosure also comes days after U.S. authorities took steps to dismantle a botnet of Cisco and NetGear routers that Chinese threat actors such as Volt Typhoon used to conceal the origin of malicious traffic.

Last year, Google-owned Mandiant revealed that a China-nexus cyber espionage group tracked as UNC3886 exploited zero-days in Fortinet appliances to deploy THINCRUST and CASTLETAP implants for executing arbitrary commands received from a remote server and exfiltrating sensitive data.
