Chinese Hackers Have A Global Impact

Chinese state-sponsored hackers have gained access to 20,000 Fortinet FortiGate systems worldwide by exploiting a known critical security flaw between 2022 and 2023, suggesting that the operation had a broader impact than previously known. 

The campaign targeted dozens of Western governments, international organisations, and a large number of companies in the defence industry.

"The state actor behind this campaign was already aware of this vulnerability in FortiGate systems at least two months before Fortinet disclosed the vulnerability," the Dutch National Cyber Security Centre (NCSC) published a new bulletin.  During this so-called zero-day period, the actor alone infected 14,000 devices." The names of the victims organisations have not been disclosed.

These findings are build on a previous statement from February 2024, which found that the attackers had breached a computer network used by the Dutch armed forces. The intrusion paved the way for the deployment of a backdoor codenamed COATHANGER from an actor-controlled server that's designed to grant persistent remote access to the compromised appliances, and act as a launching point for more malware.

The Dutch NCSC said the adversary opted to install the malware long after obtaining initial access in an effort to retain their control over the devices, although it's not clear how many victims had their devices infected with the implant.

These developments highlight the trend of cyber attacks hitting edge appliances to breach networks of interest. "Due to the security challenges of edge devices, these devices are a popular target for malicious actors... Edge devices are located at the edge of the IT network and regularly have a direct connection to the internet. In addition, these devices are often not supported by Endpoint Detection and Response (EDR) solutions." the NCSC said.

China has a number of affiliated hacking groups that it controls, including Volt Typhoon which was recently detected in the networks of critical US infrastructure firms for years. Also, APT31, which has been  blamed for UK voter data theft

NCSC.NL   |      NCSC.NL   |Hacker News   |      WithSecure  |    The Hindu   |   Techradar   |   HelpNetSecrurity     

Image: fotomay

You Might Also Read: 

Dutch Intelligence Agency Pinpoints Cyberattacks:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 




 

« Taming Aggressive Algorithms
Top Ten IoT Security Challenges & Solutions »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Professional Information Security Association (PISA)

Professional Information Security Association (PISA)

PISA is an independent and not-for-profit organization for information security professionals, with the primary objective of promoting information security awareness and best practice.

Norton

Norton

NortonLifeLock is dedicated to helping secure the devices, identities, online privacy, and home and family needs of approximately 50 million consumers.

Pindrop Security

Pindrop Security

Pindrop solutions are leading the way to the future of voice by establishing the standard for security, identity, and trust for every voice interaction.

Georgia Cyber Center

Georgia Cyber Center

Georgia Cyber Center is dedicated to training the next generation of professionals through education and real-world practice while also supporting innovation in new technologies for online defenses.

Computest

Computest

Computest security testing services include Mobile app security, Vulnerability assessments, Attack & penetration testing, Security awareness training, Network security assessments.

Danish Maritime Cybersecurity Unit

Danish Maritime Cybersecurity Unit

The Danish Maritime Cybersecurity Unit is tasked with delivering the initiatives set out in the Cyber and Information Security Strategy for the Maritime Sector.

AUTOCRYPT

AUTOCRYPT

AUTOCRYPT is a mobility security provider dedicated to the safety of future transportation

N8 Identity

N8 Identity

N8 Identity helps organizations realize the vision of Autonomous Identity Governance™ with AI-driven Identity solutions.

Citizen Lab - University of Toronto

Citizen Lab - University of Toronto

Citizen Lab focuses on research and development at the intersection of cyberspace, global security & human rights.

Intigriti

Intigriti

Intigriti is Europe's leading bug bounty and vulnerability disclosure platform, connecting organizations with a global community of ethical hackers to enhance cybersecurity through continuous testing.

U2opia Technology

U2opia Technology

U2opia is a consortium with a proven track record of delivering groundbreaking technology, cybersecurity, and innovative business solutions.

QEDIT

QEDIT

QEDIT is leading the standardization of Zero-Knowledge Proofs through the ZKProof.org Workshops, and builds production-grade ZKP systems for blockchain.

BreachBits

BreachBits

BreachBits are on a mission to deliver world-class cyber risk insights continuously at scale in situations where knowing the true risk truly matters.

Capzul

Capzul

Capzul are transforming the network security landscape with a new approach; creating virtually impenetrable networks, precluding cybercriminal attacks on your network ecosystem.

UBDS Digital

UBDS Digital

UBDS Digital is your Digital Lifecycle Partner for Secure Cloud Transformation.

Security Mind

Security Mind

Security Mind is an innovative Cyber Security Awareness program that aims to increase the awareness of each member of the organization and develop the ability to recognize potential cyber threats.