
China caught deploying RAT developed for FortiGate devices


The Netherlands’ military intelligence and security service (MIVD) has issued a warning about the discovery of a new malware strain, believed to be deployed by the Chinese government as part of a broader political espionage campaign. The malware, known as “Coathanger,” is a remote access Trojan (RAT) and has been found to exploit a known vulnerability in FortiGate edge devices. According to reports, Coathanger was used to spy on the Dutch Ministry of Defense (MOD) in 2023.

The Coathanger malware is described as stealthy and persistent, making it difficult to detect. Dutch officials stated that the malware hides itself by hooking system calls and is capable of surviving reboots and firmware upgrades. It is deployed as second-stage malware, meaning it is installed after initial access has already been obtained and does not itself rely on a new zero-day exploit to infect target systems. It can, however, be used in conjunction with any future FortiGate device vulnerability that provides that initial access.

The MIVD emphasized that the threat posed by Coathanger is part of a wider cyberespionage campaign conducted by Chinese state-sponsored threat actors. These actors are targeting various Internet-facing edge devices, including firewalls, VPN servers, and email servers. The advisory issued by Dutch authorities cautioned that Chinese threat actors are known to conduct wide and opportunistic scanning campaigns to identify both published and unpublished software vulnerabilities on these devices, often exploiting them soon after they are discovered.

Fortinet’s FortiGate devices, in particular, have been singled out as prime targets for cyber-attacks, with the company recently reporting two max-severity bugs in its FortiSIEM solution. This underscores the importance of timely patching and regular security maintenance for businesses using these devices.

To mitigate the risk posed by Coathanger and similar malware, intelligence analysts in the Netherlands have recommended several measures. These include performing regular risk analysis on edge devices, limiting Internet access on these devices, conducting scheduled logging analysis, and replacing any hardware that is no longer supported.

The discovery of Coathanger and the broader threat posed by Chinese cyber-espionage efforts serve as a reminder of the persistent and evolving nature of cybersecurity challenges faced by governments and businesses around the world. As threat actors continue to develop new tactics and tools, it is essential for organizations to remain vigilant and proactive in their cybersecurity efforts, including staying informed about potential vulnerabilities and taking appropriate measures to mitigate risks.
