A cyber attack by Chinese state-sponsored hackers that infiltrated a Dutch military network last year has been revealed by the Dutch government today. This incident marks the first time the Netherlands has publicly attributed such hostile digital espionage activities to China.
The Dutch Defense Intelligence and Security Service (MIVD) and General Intelligence and Security Service (AIVD) stated in a joint report that malicious software, called “Coathanger,” was discovered on a Dutch armed forces network used for unclassified research by around 50 people. The malware was designed to hide its presence and remain persistent even after system reboots.
Dutch Defense Minister Kajsa Ollongren emphasized the significance of making espionage activities committed by China public in order to increase international resilience to cyber espionage. The MIVD and AIVD assert that this incident is part of a broader trend of Chinese political espionage against the Netherlands and its allies.
The intelligence agencies assessed with “high confidence” that the cyber intrusion and custom malware were the work of Chinese state-backed actors. The Coathanger malware has also been found on networks belonging to other Western organizations and international government entities. It specifically targets Fortinet FortiGate firewalls, critical cybersecurity infrastructure used globally.
China has consistently denied hacking allegations and claims it opposes all forms of cyber attacks. However, last April, Dutch intelligence warned that China posed the biggest threat to the country’s economic security through relentless industrial espionage targeting high-tech firms and universities. The report highlighted ASML, the world’s leading supplier of lithography systems crucial for manufacturing semiconductors, as a prime target for Chinese espionage. The AIVD believes ASML is a focal point in China’s efforts to rapidly advance its domestic chip industry. China has also attempted to illegally obtain sensitive Dutch space and satellite technology, according to the MIVD.
While the full extent of the damage is still being assessed, Dutch officials have indicated that the impact appears limited since the compromised network was separate from core military systems. However, the intrusion enabled Chinese hackers to siphon unknown quantities of data and represented a troubling breach of Dutch cybersecurity.
This comes shortly after a Reuters report that the U.S. government took action to disrupt “Volt Typhoon,” a massive Chinese state-sponsored hacking operation that infected tens of thousands of home routers, firewalls, and other network appliances worldwide. It is unclear if the Dutch cyber attack is linked to this wider Chinese campaign.
In conclusion, the revelation of the cyber attack on the Dutch defense network by Chinese state-sponsored hackers has raised concerns about China’s aggressive efforts to obtain cutting-edge Dutch technology and about the broader trend of Chinese political espionage against the Netherlands and its allies. The Dutch government’s decision to publicly attribute the attack to China aims to increase global awareness of, and resilience to, such cyber espionage activities.