The Dutch Military Intelligence and Security Service (MIVD) has issued a warning about the extensive nature of a global Chinese cyber-espionage campaign, which is reportedly much broader than previously understood. The alert, published on Monday by the National Cyber Security Centre (NCSC), highlights that state-sponsored Chinese hackers had been exploiting a vulnerability in FortiGate devices for at least two months before Fortinet publicly disclosed the issue.
The MIVD revealed that the Chinese hacking group responsible for a 2023 attack on the Dutch Ministry of Defence has claimed approximately 20,000 victims worldwide within a few months. These victims include dozens of Western governments, international organizations, and numerous companies in the defense sector.
China’s embassy in The Hague has not commented on these allegations. Beijing typically denies accusations of cyber-espionage and maintains that it opposes all forms of cyberattacks.
The exploited vulnerability, tracked as CVE-2022-42475, allowed the hackers to infect 14,000 devices during the zero-day period. The Dutch intelligence agencies MIVD and AIVD previously disclosed that this cyber-espionage campaign had breached the Dutch Ministry of Defence’s internal computer network. The hackers deployed a remote access trojan (RAT) named COATHANGER to conduct network reconnaissance and exfiltrate user account data from the Active Directory server.
Subsequent investigations revealed that the Chinese hackers had gained access to at least 20,000 FortiGate systems globally during 2022 and 2023. While the number of victims infected with the COATHANGER malware remains unclear, the intelligence agencies warned that identifying and removing these infections is particularly challenging.
The NCSC and Dutch intelligence services emphasized that the state actor likely still maintains access to many compromised systems. They urged organizations to adopt the “Assume Breach” principle, which entails presuming that a successful cyberattack has either already occurred or will occur soon.
In its annual report released in April, the MIVD highlighted that Chinese espionage efforts targeted Dutch semiconductor, aerospace, and maritime industries to bolster China’s military capabilities.