Chinese Hackers Have A Global Impact
Chinese state-sponsored hackers have gained access to 20,000 Fortinet FortiGate systems worldwide by exploiting a known critical security flaw between 2022 and 2023, suggesting that the operation had a broader impact than previously known.
The campaign targeted dozens of Western governments, international organisations, and a large number of companies in the defence industry.
"The state actor behind this campaign was already aware of this vulnerability in FortiGate systems at least two months before Fortinet disclosed the vulnerability," the Dutch National Cyber Security Centre (NCSC) said in a new bulletin. "During this so-called zero-day period, the actor alone infected 14,000 devices." The names of the victim organisations have not been disclosed.
These findings build on a previous statement from February 2024, which found that the attackers had breached a computer network used by the Dutch armed forces. The intrusion paved the way for the deployment of a backdoor codenamed COATHANGER from an actor-controlled server. The backdoor is designed to grant persistent remote access to the compromised appliances and to act as a launching point for more malware.
The Dutch NCSC said the adversary opted to install the malware long after obtaining initial access in an effort to retain their control over the devices, although it's not clear how many victims had their devices infected with the implant.
These developments highlight the trend of cyber attacks hitting edge appliances to breach networks of interest. "Due to the security challenges of edge devices, these devices are a popular target for malicious actors... Edge devices are located at the edge of the IT network and regularly have a direct connection to the internet. In addition, these devices are often not supported by Endpoint Detection and Response (EDR) solutions," the NCSC said.
China has a number of affiliated hacking groups that it controls, including Volt Typhoon, which was recently detected in the networks of critical US infrastructure firms, where it had been for years, and APT31, which has been blamed for UK voter data theft.
NCSC.NL | NCSC.NL | Hacker News | WithSecure | The Hindu | TechRadar | Help Net Security