According to Dutch officials, the ongoing Chinese cyber espionage campaign targets “dozens” of Western governments.


Authorities claim that international organizations and the defense industry are among its victims.

Dutch intelligence and security officials said on Monday that an ongoing cyber espionage operation with Chinese connections has successfully infiltrated “a significant number of victims,” including Western governments, international organizations, and the defense industry.

In February, Dutch authorities first publicly disclosed the campaign targeting FortiGate edge devices and noted the discovery of a previously unknown remote access trojan known as “Coathanger,” which was created to maintain access to FortiGate devices. Dutch authorities said in a statement that Monday’s report concludes that “the Chinese cyber espionage campaign appears to be much more extensive than previously known.” The February report was the result of an investigation into a breach at the Dutch Ministry of Defense.

According to Dutch authorities, the Chinese-linked operation exploited a vulnerability that had been fixed in the FortiGate FortiOS software to gain access to at least 20,000 FortiGate systems worldwide within a few months in 2022 and 2023. Prior to Fortinet’s announcement, the hackers had been aware of the flaw for at least two months, infecting roughly 14,000 devices, according to Dutch authorities.

Targets include “dozens” of Western governments, international organizations and a large number of companies within the defense industry. According to the Dutch investigation, the Chinese operation installed malware on systems belonging to an unknown subset of “relevant” targets. Even when those targets updated FortiGate, the Chinese hackers retained access to the systems.

Fortinet did not respond to a request for comment on Tuesday.

In a statement provided to CyberScoop on Tuesday, Liu Pengyu, a spokesperson for the Chinese Embassy, stated that the Chinese government opposes “any groundless smears and accusations against China” and that the nation “is a major victim of cyber attacks.”

“We employ legal strategies to combat all forms of cyber attacks and maintain a firm stance against them,” Pengyu stated. “China does not support, encourage, or condone hacker attacks. Global challenges lie ahead in safeguarding cyberspace. False accusations and bloc confrontation, as with other issues, will only harm the global collective response to cybersecurity threats.”

U.S. officials have issued warnings about sophisticated state-aligned hacking operations that have targeted vulnerable small office and home office routers to gain access to critical infrastructure and other sensitive networks. The campaign described by the Dutch authorities highlights the ongoing abuse of edge devices, such as firewalls and routers.

Tom Hegel, the principal threat researcher at SentinelLabs, who is familiar with the campaign disclosed by the Dutch government and follows Chinese-aligned hacking operations, stated, “Edge network devices are a huge problem today.” He said edge device security is “a major issue in light of the fact that scarcely any have security tech to guard them or even screen them. However, it is now the technology that is most frequently targeted.”

The statement says that the Dutch intelligence services “consider it likely that the state actor could potentially expand its access to hundreds of victims worldwide and carry out additional actions such as stealing data,” even though the number of entities on which the malware is installed is unknown.

The authorities wrote, “Infections from the actor are difficult to identify and remove.” Therefore, it is likely that the state actor still has access to the systems of a significant number of victims, according to the NCSC and the Dutch intelligence services.

Coathanger, according to Hegel, is a remote access and backdoor tool. “High-value victims can then see additional malware introduced into the network through this access,” he stated.

The targets, Hegel stated, “include a variety of public and private organizations highly relevant to China’s global agenda,” but he declined to comment on specific known targets.

He went on to say that based on his knowledge of Chinese hacking operations, it’s likely that the hackers “made use of multiple malware families and network infrastructure which still remain unknown to us today, and maintaining long-term access to a broad variety of organizations is especially important to them.”

The Chinese Embassy in Washington, D.C., did not respond to a request for clarification on Tuesday. The Cybersecurity and Infrastructure Security Agency did not respond to a request for information regarding the number of U.S. businesses targeted as part of this operation.
