A major Chinese government spying operation on a Dutch military network has been revealed. The military network was compromised through a FortiGate vulnerability. This also applies to other Fortinet customers.
The Volt Typhoon botnet, allegedly operated by Chinese state hackers and recently shut down by the FBI, was also revealed to have been around for five years. The American security agency CISA posted more details on February 7, 2024.
A network of the Dutch armed forces has been targeted by state hackers from China, as can be seen from the tweet below.
However, according to the Dutch Military Intelligence and Security Service (MIVD), this is a network used for unclassified research and development (R&D).
https://bsky.app/profile/ninjaowl.ai/post/3kksqer2e4e2u
The attack took place in 2023, with attackers exploiting a known critical vulnerability in FortiOS SSL VPN (CVE-2022-42475, CVSS Score: 9.3) that allows an unauthenticated attacker to run arbitrary code via specially crafted requests.
China was spying on the Netherlands using a new remote access trojan (RAT), the “COATHANGER” malware.
The successful exploitation of the vulnerability mentioned above paved the way for COATHANGER to be installed as a backdoor that gave hackers remote access to the network.
More information
http://www.ncsc.nl/documenten/publicaties/2024/februari/6/mivd-aivd-advisory-coathanger-tlp-clear
https://www.ncsc.nl/actueel/advisory?id=NCSC%2D2022%2D0763
https://github.com/JSCU-NL/COATHANGER