Hackers with ties to the Chinese government exploited a critical vulnerability in Fortinet FortiGate systems, compromising 20,000 systems globally between 2022 and 2023. This indicates a wider impact than previously acknowledged.
“The state-sponsored group behind this cyber operation had knowledge of the vulnerability in FortiGate systems at least two months before it was publicly disclosed by Fortinet,” the Dutch National Cyber Security Centre (NCSC) stated in a recent report. “During this so-called zero-day period, the group managed to infect 14,000 devices on its own.”
The attack was directed at numerous Western governments, global organizations, and a significant number of companies in the defense sector. The specific entities targeted were not disclosed.
This information supplements an earlier alert from February 2024, which revealed that hackers had infiltrated a Dutch military network by exploiting CVE-2022-42475 (CVSS score: 9.8), enabling remote code execution.
This security breach enabled the installation of a persistent backdoor named COATHANGER, delivered from a server controlled by the attackers. The backdoor was designed to give remote control over the compromised devices and to serve as a launching pad for additional malicious software.
The NCSC highlighted that the attackers deployed the malware well after initially gaining entry, with the aim of maintaining control over the devices. However, it remains unclear how many devices were actually infected with the backdoor.
This recent development once again emphasizes the trend of cyber attacks targeting edge devices to infiltrate networks of interest.
“Considering the security issues associated with edge devices, they are becoming a popular target for malicious agents,” the NCSC explained. “These devices are typically located at the periphery of the IT network and often have direct internet connectivity. Moreover, they are frequently not covered by Endpoint Detection and Response (EDR) solutions.”