Security News > 2024 > June > 20,000 FortiGate appliances compromised by Chinese hackers
Coathanger - a piece of malware specifically built to persist on Fortinet's FortiGate appliances - may still be lurking on too many devices deployed worldwide.
It's also difficult to detect its presence by using FortiGate CLI commands, and to remove it from compromised devices.
The security services shared indicators of compromise and a variety of detection methods in an advisory, and explained that "The only currently identified way of removing [it] from an infected FortiGate device involves formatting the device and reinstalling and reconfiguring the device."
The threat actor installed the Coathanger malware at a later time, on devices of relevant targets.
Another problem is that the Coathanger malware can be used in combination with any present or future vulnerability in FortiGate devices - whether zero- or N-day.
Because almost every organization has one or more edge devices deployed, they added, it pays for threat actors to look for vulnerabilities affecting them.
News URL
https://www.helpnetsecurity.com/2024/06/12/coathanger-fortigate/
Related news
- Chinese hackers target Linux with new WolfsBane malware (source)
- Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ Countries (source)
- Chinese hackers breached T-Mobile's routers to scope out network (source)
- Researchers Uncover 4-Month Cyberattack on U.S. Firm Linked to Chinese Hackers (source)
- U.S. org suffered four month intrusion by Chinese hackers (source)
- Chinese hackers use Visual Studio Code tunnels for remote access (source)
- U.S. Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos Firewalls (source)
- White House links ninth telecom breach to Chinese hackers (source)
- Chinese hackers targeted sanctions office in Treasury attack (source)
- US sanctions Chinese company linked to Flax Typhoon hackers (source)