Hackers backed by the Chinese government broke into a computer network used by the Dutch military, via a bug in Fortinet’s FortiGate firewalls. The hack, which occurred last year, was carried out by exploiting a known critical security flaw in FortiOS SSL-VPN (CVE-2022-42475) that allows an unauthenticated attacker to execute arbitrary code via specially crafted requests. The bug was classified with a score of 9.3 in the common vulnerability scoring system (CVSS).
“It is was used for research and development [P&D] and does not involve anyclassified information or activity that puts security at risk,” the Dutch Military Intelligence and Security Service (MIVD) said in a statement. “As this system was independent, it did not cause any damage to the defense network.” The network has less than 50 users.
Successful exploitation of the flaw allowed the deployment of a backdoor called Coathanger from a hacker-controlled server designed to grant persistent remote access to compromised devices. “The Coathanger malware is stealthy and persistent,” said the Dutch National Cyber Security Center (NCSC). “It hides by intercepting system calls that could reveal its presence. It survives reboots and firmware updates.”
The hack marks the first time the Netherlands has publicly attributed a cyber espionage campaign to China. A Reutersthe first to break the story, said the malware’s name comes from a snippet of code that contained a line from “Lamb to the Slaughter,” a short story by British author Roald Dahl.
Last year, Google-owned cybersecurity firm Mandiant revealed that Chinese cyber espionage group tracked as UNC3886 exploited zero-days on Fortinet devices to deploy ThinCrust and Castletap malware to execute arbitrary commands received from a remote server and exfiltrate confidential data.
Source: CisoAdvisor
