Dutch Intelligence Warns of Extensive Chinese Cyber-Espionage Campaign

The Dutch Military Intelligence and Security Service (MIVD) has issued a warning about the far-reaching consequences of a Chinese cyber-espionage operation disclosed earlier this year. According to the MIVD, the scale of this campaign is “much larger than previously known,” impacting numerous systems across multiple sectors. 

In a joint report with the General Intelligence and Security Service (AIVD) released in February, the MIVD described how Chinese hackers exploited a critical vulnerability in FortiOS/FortiProxy (CVE-2022-42475). This remote code execution flaw was used over several months between 2022 and 2023 to deploy malware on susceptible Fortigate network security devices.

During this “zero-day” period, about 14,000 devices were compromised. Targets included various Western governments, international organizations, and many companies within the defense industry. 

The malware, identified as the Coathanger remote access trojan (RAT), was detected on a network used by the Dutch Ministry of Defence for research and development (R&D) of unclassified projects. However, network segmentation prevented the attackers from spreading to other systems.

The MIVD highlighted that this previously unknown malware strain could persist through system reboots and firmware upgrades. It was used by a Chinese state-sponsored hacking group in a political espionage campaign targeting the Netherlands and its allies.&n

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.