BEIJING (dpa-AFX) - The Netherlands Cybersecurity Agency or NCSC warned that the espionage led by Chinese hackers during 2022 and 2023 was 'much larger than previously known.'
In February, the Dutch Military Intelligence and Security Service, or MIVD, reported that a Chinese state-sponsored malware campaign compromised 20,000 FortiGate systems, of which 14,000 were breached during the 'zero-day' period, a period of two months before Fortinet (FTNT) became aware of the situation.
'Targets include dozens of governments, international organizations, and a large number of companies within the defense industry,' the MIVD stated.
The Coathanger malware, a remote access trojan, could only be removed by completely reformatting the device, as it is capable of surviving system reboots and firmware updates, the agency added. Its presence is also difficult to detect using FortiGate CLI commands.
'This gave the state actor permanent access to the systems. Even if a victim installs security updates from FortiGate, the state actor continues to keep this access,' the MIVD found.
'It is not known how many victims actually have malware installed. The Dutch intelligence services and the NCSC consider it likely that the state actor could potentially expand his access to hundreds of victims worldwide and carry out additional actions such as stealing data.'
The cybersecurity agency also noted that the problem is not limited to Fortinet appliances, but also affects 'edge' devices, such as firewalls, VPN servers, routers, and SMTP servers.
'Recent incidents and identified vulnerabilities within various edge devices show that these products are often not designed according to modern security-by-design principles,' the NCSC stated.
Copyright(c) 2024 RTTNews.com. All Rights Reserved