Security News > 2024 > February > Chinese hackers infect Dutch military network with malware
A Chinese cyber-espionage group breached the Dutch Ministry of Defence last year and deployed malware on compromised devices, according to the Military Intelligence and Security Service of the Netherlands.
During the follow-up investigation, a previously unknown malware strain named Coathanger, a remote access trojan designed to infect FortiGate network security appliances, was also discovered on the breached network.
The Chinese hackers deployed the Coathanger malware for cyber espionage purposes on vulnerable FortiGate firewalls they compromised by exploiting the CVE-2022-42475 FortiOS SSL-VPN vulnerability.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-01-02 | CVE-2022-42475 | Out-of-bounds Write vulnerability in Fortinet FortiOS. A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. | 9.8 |