Security News Chinese hackers infect Dutch military network with malware

Gandalf_The_Grey

Level 83
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,366
A Chinese cyber-espionage group breached the Dutch Ministry of Defence last year and deployed malware on compromised devices, according to the Military Intelligence and Security Service (MIVD) of the Netherlands.

However, despite backdooring the hacked systems, the damage from the breach was limited due to network segmentation.

"The effects of the intrusion were limited because the victim network was segmented from the wider MOD networks," said MIVD and the General Intelligence and Security Service (AIVD) in a joint report.

"The victim network had fewer than 50 users. Its purpose was research and development (R&D) of unclassified projects and collaboration with two third-party research institutes. These organizations have been notified of the incident."

During the follow-up investigation, a previously unknown malware strain named Coathanger, a remote access trojan (RAT) designed to infect Fortigate network security appliances, was also discovered on the breached network.

"Notably, the COATHANGER implant is persistent, recovering after every reboot by injecting a backup of itself in the process responsible for rebooting the system. Moreover, the infection survives firmware upgrades," the two Dutch agencies warned.

"Even fully patched FortiGate devices may therefore be infected, if they were compromised before the latest patch was applied."
 
F

ForgottenSeer 107474

A background article of a Dutch quality newspaper (Volkskrant which is after a paywall) states clearly that in Fortinet issued a patch in December 2022, which that (small) department did not implement. :eek::eek::eek: Luckily that department was a stand alone department, not connected to the main defense network.
 

Gandalf_The_Grey

Level 83
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,366
Dutch military network hacked via FortiGate; Volt Typhoon botnet in US systems for 5 years
An espionage operation by the Chinese government in a computer network of the Dutch military has probably been uncovered. The military network was hacked via a vulnerability in FortiGate. This is also relevant for other Fortinet customers. And it has since been revealed that the Volt Typhoon botnet, which was allegedly operated by Chinese state-affiliated hackers and recently shut down by the FBI, had probably been in existence for five years. The US security agency CISA published further details on Feb. 7, 2024.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top