Gandalf_The_Grey
A Chinese cyber-espionage group breached the Dutch Ministry of Defence last year and deployed malware on compromised devices, according to the Military Intelligence and Security Service (MIVD) of the Netherlands.
However, although the attackers backdoored the hacked systems, the damage from the breach was limited due to network segmentation.
"The effects of the intrusion were limited because the victim network was segmented from the wider MOD networks," said MIVD and the General Intelligence and Security Service (AIVD) in a joint report.
"The victim network had fewer than 50 users. Its purpose was research and development (R&D) of unclassified projects and collaboration with two third-party research institutes. These organizations have been notified of the incident."
During the follow-up investigation, a previously unknown malware strain named Coathanger, a remote access trojan (RAT) designed to infect FortiGate network security appliances, was also discovered on the breached network.
"Notably, the COATHANGER implant is persistent, recovering after every reboot by injecting a backup of itself in the process responsible for rebooting the system. Moreover, the infection survives firmware upgrades," the two Dutch agencies warned.
"Even fully patched FortiGate devices may therefore be infected, if they were compromised before the latest patch was applied."
Chinese hackers infect Dutch military network with malware
www.bleepingcomputer.com