Dutch Agency Renews Warning of Chinese Fortigate Campaign

Chinese Cyberespionage Campaign Is 'Much Larger Than Previously Known'
The Dutch National Cyber Security Center said that a Chinese cyberespionage campaign exploiting Fortinet devices is larger than initially known. (Image: Shutterstock)

Chinese hackers breached thousands of vulnerable FortiGate network security appliances in a cyberespionage campaign "much larger than previously known," a Dutch cybersecurity agency warned Tuesday.

The Dutch National Cyber Security Center said hackers targeted dozens of Western governments, international organizations and defense contractors after exploiting a critical remote code execution flaw in FortiOS/FortiProxy between 2022 and 2023.

The state-sponsored hackers deployed a previously unknown malware strain capable of persisting on networks despite firmware and security upgrades. The actual number of victims remains unknown. Dutch intelligence services estimate the hacking group could still have access to hundreds of vulnerable devices worldwide and may be capable of stealing sensitive data.

The U.S. Cybersecurity and Infrastructure Security Agency included the critical flaw, tracked as CVE-2022-42475, in its Known Exploited Vulnerabilities Catalog. Dutch officials said the hackers likely maintain access to at least some victims because of the stealthy nature of the "Coathanger" remote access Trojan used against the FortiGate appliances.

The Dutch military intelligence service first reported the malware was found on a Ministry of Defense network, though the hackers were blocked from classified systems due to network segmentation protections. In total, at least 20,000 FortiGate systems were breached in the two months that preceded Fortinet disclosing the vulnerability, according to the intelligence service (see: Chinese Hackers Penetrated Unclassified Dutch Network).

The service issued a report with the Dutch General Intelligence and Security Service earlier this year that details how the Chinese hackers used Coathanger malware to target FortiGate systems.

"Since then, the MIVD has conducted further research and it has emerged that the Chinese cyberespionage campaign appears to be much more extensive than previously known," the service said in a Tuesday update.

The intelligence service urged organizations to apply an "assumed breach" principle that calls for measures to limit the damage and impact of a successful digital attack that has already taken place.

About the Author

Chris Riotta

Managing Editor, GovInfoSecurity

Riotta is a journalist based in Washington, D.C. He earned his master's degree from the Columbia University Graduate School of Journalism, where he served as 2021 class president. His reporting has appeared in NBC News, Nextgov/FCW, Newsweek Magazine, The Independent and more.
