MIVD: Chinese FortiGate espionage campaign is more extensive than previously thought

The Coathanger malware that targeted Fortinet's FortiGate systems appears to be part of a broad and long-term Chinese cyber espionage campaign, according to the Military Intelligence and Security Service (MIVD).

In 2022 and 2023, at least 20,000 Fortinet systems worldwide were infected through the vulnerability tracked as CVE-2022-42475, the MIVD reports. According to the intelligence service, the Chinese cyber espionage campaign appears to be 'much more extensive' than previously known.

Research has shown that the attackers abused the vulnerability for two months before Fortinet released a security update. During that zero-day period, 14,000 devices were infected with the Coathanger malware. Governments and defense companies, among others, have been affected by the malware.

The attackers continued to have access to the systems, even after victims had updated their systems. According to the MIVD, it is likely that the attackers still have access to the systems of many victims. It is not known how many victims have actually had malware installed, but it is expected to be hundreds of victims worldwide.

