Chinese state-sponsored hackers compromised a computer network of the Netherlands armed forces. They exploited a vulnerability in Fortinet FortiGate firewalls to carry out the attack.
According to the Military Intelligence and Security Service of the Netherlands (MIVD), the compromised network was used for unclassified research and development (R&D). Because the network was self-contained and segmented from the wider defence network, the intrusion caused no damage there. Fewer than 50 users were affected.
The attack took place in 2023. The hackers exploited a critical vulnerability in FortiOS SSL-VPN (CVE-2022-42475), rated CVSS 9.8: a heap-based buffer overflow that allows a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted requests. Fortinet had published a fix for the flaw in December 2022, so the device was compromised after a patch was already available.
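The practical lesson of the paragraph above is that the fixed version for CVE-2022-42475 depends on the FortiOS branch: a device on 7.2.0 is vulnerable even though 7.2.0 sorts "higher" than the 7.0.9 fix, so a naive greater-than-or-equal check against a single version number gives the wrong answer. The following Python is an added example (not code from the original article, the MIVD or Fortinet) that parses the first line of FortiOS `get system status` output and assesses it per branch. The sample status lines are constructed, and the fixed-version table is taken from Fortinet PSIRT advisory FG-IR-22-398 for standard FortiOS only; the FortiOS-6K7K builds have their own fixed versions and are deliberately reported as "unknown" here rather than guessed.

```python
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Constructed sample of the first line of FortiOS `get system status` output.
SAMPLE_STATUS = "Version: FortiGate-100F v7.0.8,build0418,221113 (GA.F)"

# First fixed release per FortiOS branch for CVE-2022-42475 (Fortinet PSIRT
# advisory FG-IR-22-398). Standard FortiOS only; FortiOS-6K7K branches are not
# covered, so any branch not listed here is reported as "unknown".
FIXED_BY_BRANCH = {
    (7, 2): (7, 2, 3),
    (7, 0): (7, 0, 9),
    (6, 4): (6, 4, 11),
    (6, 2): (6, 2, 12),
    (6, 0): (6, 0, 16),
}

# Matches the "vMAJOR.MINOR.PATCH" token that FortiOS prints in the Version line.
_VERSION_RE = re.compile(r"\bv(\d+)\.(\d+)\.(\d+)\b")


def parse_fortios_version(status_line: str) -> Optional[Version]:
    """Extract (major, minor, patch) from a `get system status` Version line."""
    m = _VERSION_RE.search(status_line)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def assess_cve_2022_42475(version: Version) -> str:
    """Return "fixed", "vulnerable" or "unknown" for CVE-2022-42475.

    The comparison is done within the device's own branch (major.minor), which
    is what makes 7.2.0 come out as vulnerable while 7.0.9 comes out as fixed.
    """
    branch = version[:2]
    fixed = FIXED_BY_BRANCH.get(branch)
    if fixed is None:
        return "unknown"
    return "fixed" if version >= fixed else "vulnerable"


def assess_status_line(status_line: str) -> Tuple[Optional[Version], str]:
    """Parse a status line and assess it; unparseable input is flagged, not ignored."""
    version = parse_fortios_version(status_line)
    if version is None:
        return None, "unparseable"
    return version, assess_cve_2022_42475(version)


if __name__ == "__main__":
    # Constructed status lines covering the branch pitfall and the edge cases.
    for line in (
        SAMPLE_STATUS,
        "Version: FortiGate-60F v7.2.0,build1157,220331 (GA.F)",
        "Version: FortiGate-60F v7.0.9,build0444,221215 (GA.F)",
        "Version: FortiGate-3980E v7.4.0,build2360,230509 (GA.F)",
        "Hostname: fw-edge-01",
    ):
        version, verdict = assess_status_line(line)
        print(f"{verdict:12} {version} <- {line}")
```

Run the script as-is to see the four verdicts; in an audit you would feed it the `get system status` output collected from each FortiGate. "unknown" is a prompt to consult the vendor advisory for that branch, not a clean bill of health.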
Successful exploitation allowed the attackers to deploy a backdoor dubbed COATHANGER from their command and control (C2) server. The backdoor gives the attackers persistent remote access to compromised devices.
The Dutch National Cyber Security Centre (NCSC-NL), which co-published the advisory, describes COATHANGER as "stealthy and persistent". It hides itself by hooking system calls that could reveal its presence, and it survives both reboots and firmware upgrades.
It is worth noting that the same vulnerability had already been exploited in October 2022, in a Chinese espionage campaign against a European government network that Mandiant reported in January 2023. That campaign delivered the BOLDMOVE backdoor, a Linux backdoor built specifically to run on Fortinet FortiGate firewalls.
The MIVD attributes the intrusion to a Chinese state-sponsored actor with a "high degree of confidence". The same malware has also been found on the network of a Western international mission and in several other organisations. Dutch intelligence assesses that COATHANGER was developed specifically to target FortiGate firewalls. The incident marks the first time the Netherlands has publicly attributed a cyber espionage campaign to China.