Chinese Hackers Have A Global Impact

Chinese state-sponsored hackers have gained access to 20,000 Fortinet FortiGate systems worldwide by exploiting a known critical security flaw between 2022 and 2023, suggesting that the operation had a broader impact than previously known. 

The campaign targeted dozens of Western governments, international organisations, and a large number of companies in the defence industry.

"The state actor behind this campaign was already aware of this vulnerability in FortiGate systems at least two months before Fortinet disclosed the vulnerability," the Dutch National Cyber Security Centre (NCSC) published a new bulletin.  During this so-called zero-day period, the actor alone infected 14,000 devices." The names of the victims organisations have not been disclosed.

These findings are build on a previous statement from February 2024, which found that the attackers had breached a computer network used by the Dutch armed forces. The intrusion paved the way for the deployment of a backdoor codenamed COATHANGER from an actor-controlled server that's designed to grant persistent remote access to the compromised appliances, and act as a launching point for more malware.

The Dutch NCSC said the adversary opted to install the malware long after obtaining initial access in an effort to retain their control over the devices, although it's not clear how many victims had their devices infected with the implant.

These developments highlight the trend of cyber attacks hitting edge appliances to breach networks of interest. "Due to the security challenges of edge devices, these devices are a popular target for malicious actors... Edge devices are located at the edge of the IT network and regularly have a direct connection to the internet. In addition, these devices are often not supported by Endpoint Detection and Response (EDR) solutions." the NCSC said.

China has a number of affiliated hacking groups that it controls, including Volt Typhoon which was recently detected in the networks of critical US infrastructure firms for years. Also, APT31, which has been  blamed for UK voter data theft

NCSC.NL   |      NCSC.NL   |Hacker News   |      WithSecure  |    The Hindu   |   Techradar   |   HelpNetSecrurity     

Image: fotomay

You Might Also Read: 

Dutch Intelligence Agency Pinpoints Cyberattacks:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 




 

« Taming Aggressive Algorithms
Top Ten IoT Security Challenges & Solutions »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

SSLGURU

SSLGURU

SSLGURU bring all of the major SSL certificate vendors to one market place in order to create the world's largest SSL store with the most competitive prices.

Messageware

Messageware

Messageware is the market leader in securing, enhancing, and customizing Microsoft Exchange and Outlook Web App.

Cryptus Cyber Security

Cryptus Cyber Security

Cryptus Cyber Security is an Information Security Training company providing advanced training and services to IT Professionals.

DefCamp

DefCamp

DefCamp is the most important annual conference on Hacking & Information Security in Central Eastern Europe.

Cycura

Cycura

Cycura provide advanced, customized, and confidential cyber security services, cyber investigation services, and digital forensic services to governments, companies, and organizations.

Aricoma

Aricoma

Aricoma are Architects of Digital. We aim to become a major player in end-to-end IT services and digital transformation in Europe.

X Technologies

X Technologies

X Technologies provide world-class engineering, information technology, information security, program management and repair services to Federal, State and commercial customers.

SessionGuardian

SessionGuardian

SessionGuardian (formerly SecureReview) is the world's first and only technology which ensures second-by-second biometric identity verification of your remote user, from log on to log off.

IoTeX

IoTeX

Building the connected world. IoTeX is a fast, secure, and decentralized platform that connects real world devices/data to the blockchain.

Data#3 Limited (DTL)

Data#3 Limited (DTL)

Data#3 Limited (DTL) is a leading Australian IT services and solutions provider.

ArmorCode

ArmorCode

ArmorCode's intelligent application security platform gives us unified visibility into AppSec postures and automates complex DevSecOps workflows.

LogicBoost Labs

LogicBoost Labs

LogicBoost Labs has the expertise, experience, funding and connections to make your startup succeed. We are always interested in new ways to change the world for the better.

Maxxsure

Maxxsure

Maxxsure provides a platform for executive management, leveraging proprietary technology that identifies, measures, and scores a company’s cyber risks.

PatchAdvisor

PatchAdvisor

PatchAdvisor core services include Vulnerability Assessments/Penetration Testing, Application Vulnerability Assessments, and Incident Response.

Applied Connective Technologies

Applied Connective Technologies

Applied Connective is one team for all your technology needs, from IT to phones, cyber security to physical security, audio/video and the infrastructure to support it.

Metrics that Matter (MTM)

Metrics that Matter (MTM)

Metrics that Matter redefines how organizations approach cybersecurity by offering unprecedented insight into the value of their assets to criminals and tailored action plans to protect.