Chinese hackers breached Dutch Ministry of Defense

Chinese state-sponsored hackers breached the Dutch Ministry of Defense last year and deployed a new remote access trojan to serve as a backdoor.
"The effects of the intrusion were limited because the victim network was segmented from the wider MOD networks," the Dutch Military Intelligence and Security Service and the General Intelligence and Security Service noted.
A new RAT
During an investigation of an intrusion in the MOD's network last year, MIVD and AIVD uncovered previously unknown malware that they named Coathanger.
"The name is derived from the peculiar phrase that the malware uses to encrypt the configuration on disk: 'She took his coat and hung it up'," MIVD and AIVD explained in the security advisory.
Coathanger is a remote access trojan that was specifically built for Fortinet's FortiGate appliances.
In this particular incident, hackers gained initial access to FortiGate devices by exploiting the critical FortiOS pre-auth RCE vulnerability, downloaded Coathanger, carried out reconnaissance of the network and managed to steal a list of user accounts from the Active Directory server.
News URL
https://www.helpnetsecurity.com/2024/02/07/chinese-hackers-dutch-mod/
Related news
- Chinese hackers breach more US telecoms via unpatched Cisco routers (source)
- Chinese Hackers Exploit MAVInject.exe to Evade Detection in Targeted Cyber Attacks (source)
- Chinese hackers abuse Microsoft APP-v tool to evade antivirus (source)
- Chinese hackers use custom malware to spy on US telecom networks (source)
- Belgium probes if Chinese hackers breached its intelligence service (source)
- US charges Chinese hackers linked to critical infrastructure breaches (source)
- Chinese Hackers Breach Juniper Networks Routers With Custom Backdoors and Rootkits (source)
- Chinese Weaver Ant hackers spied on telco network for 4 years (source)
- Hackers Use .NET MAUI to Target Indian and Chinese Users with Fake Banking, Social Apps (source)