"20,000 FortiGate Appliances Compromised by Chinese Hackers"

"Coathanger," a piece of malware designed specifically to live on Fortinet's FortiGate appliances, may still be present on many devices. The Dutch Military Intelligence and Security Service (MIVD) and the General Intelligence and Security Service (AIVD) reported in February 2024 that Chinese state-sponsored hackers breached the Dutch Ministry of Defense in 2023 by exploiting a FortiOS pre-authentication Remote Code Execution (RCE) vulnerability, then deployed Remote Access Trojan (RAT) malware to create a persistent backdoor. The Coathanger RAT survived reboots and firmware upgrades. This article continues to discuss Coathanger's persistence on FortiGate devices.

Help Net Security reports "20,000 FortiGate Appliances Compromised by Chinese Hackers"

Submitted by grigby1
