Between 2022 and 2023, Chinese attackers managed to compromise at least 20,000 Fortinet devices, including some belonging to the Dutch government, reports show.
The figure, recently confirmed by the Dutch Military Intelligence and Security Service (MIVD), shows the campaign was far wider than initially believed: it is now thought to have affected at least 20,000 devices worldwide.
The aim of the campaign appears to be cyber espionage, in which China illegally monitors Western countries.
Coathanger RAT
In February 2024, the MIVD, together with the country’s General Intelligence and Security Service (AIVD), published a report detailing a campaign by Chinese state-sponsored threat actors against devices running FortiOS/FortiProxy. These devices were vulnerable to CVE-2022-42475, a heap-based buffer overflow in the SSL-VPN daemon that allows unauthenticated remote code execution.
At the time, the two organizations believed that the Chinese had infected around 14,000 devices: “During this so-called ‘zero-day’ period, the actor alone infected 14,000 devices. The targets include dozens of (Western) governments, international organizations and a large number of companies within the defense industry,” the MIVD said.
The victims also included devices belonging to the research and development department of the Dutch Ministry of Defense, albeit for unclassified projects.
After exploiting the flaw, the attackers installed a remote access Trojan (RAT) called Coathanger on the compromised devices. The RAT allows them to remain on a device persistently, surviving both reboots and firmware upgrades.
Although a patch has been available for a long time, the MIVD believes Coathanger is still present on many devices: applying the patch closes the entry point but does not remove an implant that is already installed, and the malware is hard to detect with anti-virus tools.
China has a number of hacking groups on its payroll, including Volt Typhoon, which recently spent years lurking on the networks of critical US infrastructure companies. APT31 was recently blamed for the theft of voter data in the United Kingdom in August 2021.
Via BleepingComputer