Security News > 2024 > June > 20,000 FortiGate appliances compromised by Chinese hackers
Coathanger - a piece of malware specifically built to persist on Fortinet's FortiGate appliances - may still be lurking on too many devices deployed worldwide.
It's also difficult to detect its presence by using FortiGate CLI commands, and to remove it from compromised devices.
The security services shared indicators of compromise and a variety of detection methods in an advisory, and explained that "The only currently identified way of removing [it] from an infected FortiGate device involves formatting the device and reinstalling and reconfiguring the device."
The threat actor installed the Coathanger malware at a later time, on devices of relevant targets.
Another problem is that the Coathanger malware can be used in combination with any present or future vulnerability in FortiGate devices - whether zero- or N-day.
Because almost every organization has one or more edge devices deployed, they added, it pays for threat actors to look for vulnerabilities affecting them.
News URL
https://www.helpnetsecurity.com/2024/06/12/coathanger-fortigate/
Related news
- Chinese hackers hide on military and govt networks for 6 years (source)
- Researchers Warn of Chinese-Aligned Hackers Targeting South China Sea Countries (source)
- Chinese hackers breached 20,000 FortiGate systems worldwide (source)
- Chinese Hackers Deploy SpiceRAT and SugarGh0st in Global Espionage Campaign (source)