
Chinese Threat Actors Found Spying on Dutch Defense Ministry Network

In a significant cybersecurity event, Chinese state-sponsored hackers exploited a vulnerability in Fortinet's FortiGate devices to infiltrate a Dutch military network. This network, crucial for unclassified research and development, was compromised without causing damage to the broader defense network due to its isolated nature.

Diving into details

  • The breach was carried out by exploiting a critical flaw in FortiOS SSL-VPN, CVE-2022-42475, which lets attackers execute arbitrary code through specially crafted requests.
  • This vulnerability was used to deploy Coathanger, a stealthy and persistent backdoor designed for remote access, evasion of detection, and persistence across device reboots and firmware updates.

A bit on Coathanger

The Coathanger malware, named after a snippet of code referencing Roald Dahl's "Lamb to the Slaughter," underlines both the malware's stealth and the strategic depth of the cyberespionage activities involved.
  • The malware conceals its activities by intercepting system functions that might expose it, and it is designed to remain operational through system restarts and firmware updates.
  • According to assessments by the MIVD and AIVD, Coathanger's deployment appears to be highly selective. The operators behind the malware systematically search for and compromise vulnerable network perimeter devices.
  • For certain targets deemed of high interest, Coathanger is then employed as a discreet method of maintaining communication.

The bottom line

This incident marks the Netherlands' first public attribution of a cyberespionage campaign to China, shedding light on the complexities of digital espionage and the vulnerabilities within critical cybersecurity infrastructure. Organizations are urged to enhance their cybersecurity measures by applying timely updates and patches, conducting regular security assessments, improving detection capabilities for stealth malware like Coathanger, and implementing stringent access control measures to safeguard against sophisticated state-sponsored cyber threats.
Publisher: Cyware