"Chinese Hackers Infect Dutch Military Network With Malware"

According to the Military Intelligence and Security Service (MIVD) of the Netherlands, a Chinese cyber-espionage group breached the Dutch Ministry of Defence last year and deployed malware on compromised devices. Although the attackers backdoored the hacked systems, the damage from the breach was limited due to network segmentation: the MIVD stated that the effects of the intrusion were limited because the victim network was segmented from the wider MOD networks. The victim network had fewer than 50 users. The MIVD noted that the network's purpose was research and development (R&D) of unclassified projects and collaboration with two third-party research institutes. During the follow-up investigation, a previously unknown malware strain named Coathanger, a remote access trojan (RAT) designed to infect FortiGate network security appliances, was also discovered on the breached network. The MIVD noted that the Coathanger implant is persistent, recovering after every reboot by injecting a backup of itself into the process responsible for rebooting the system. Moreover, the infection survives firmware upgrades. The MIVD stated that even fully patched FortiGate devices may be infected if they were compromised before the latest patch was applied. While the attacks weren't attributed to a specific threat group, the MIVD linked this incident with high confidence to a Chinese state-sponsored hacking group and added that this malicious activity is part of a broader pattern of Chinese political espionage targeting the Netherlands and its allies.

 

BleepingComputer reports: "Chinese Hackers Infect Dutch Military Network With Malware"

Submitted by Adam Ekwall on