Chinese hackers infiltrated the Dutch Defense Ministry's network

According to the General Intelligence and Security Service of the Netherlands, an unnamed Chinese cyber espionage group hacked into the country’s Ministry of Defense last year. It installed the Coathanger remote access trojan on compromised devices.
Authorities report that the damage from this attack was limited due to network segmentation, although the backdoor penetrated the Ministry of Defense’s network.

“The affected network had fewer than 50 users. Its purpose was research and development (R&D) for non-secret projects and collaboration with two external research institutes. These organizations have already been informed about the incident,” according to the official statement.

As mentioned earlier, during the investigation of the incident, a previously unknown malware named Coathanger was discovered in the compromised network. It is a Remote Access Trojan (RAT) designed to target FortiGate security devices.

“Notably, the COATHANGER implant is persistent and reinstates itself after each reboot, embedding its backup into the process responsible for system restart. Moreover, it survives even after firmware updates,” Dutch experts warn. “Therefore, even fully patched FortiGate devices can be infected if compromised before patch installation.”

Deployment of Coathanger followed the exploitation of vulnerable FortiGate firewalls, which hackers targeted using the CVE-2022-42475 vulnerability in FortiOS SSL-VPN. It’s worth noting that in early 2023, it was revealed that this issue was exploited by hackers as a zero-day and used to target government organizations and associated entities.

Although this attack on the Ministry of Defense of the Netherlands has not been attributed to a specific hacking group, the General Intelligence and Security Service of the Netherlands believes that Chinese “government-affiliated” hackers are behind this incident, and that this breach is part of a larger cyber espionage operation targeting the Netherlands and its allies.
