20,000 FortiGate appliances compromised by Chinese hackers (Security News, June 2024)

Coathanger, a piece of malware built specifically to persist on Fortinet's FortiGate appliances, may still be lurking on too many devices deployed worldwide.
Its presence is also difficult to detect with FortiGate CLI commands, and it is difficult to remove from compromised devices.
The security services shared indicators of compromise and a variety of detection methods in an advisory, and explained that "The only currently identified way of removing [it] from an infected FortiGate device involves formatting the device and reinstalling and reconfiguring the device."
The threat actor installed the Coathanger malware at a later stage, on the devices of targets it considered relevant.
Another problem is that the Coathanger malware can be used in combination with any present or future vulnerability in FortiGate devices, whether zero-day or N-day.
Because almost every organization has one or more edge devices deployed, they added, it pays for threat actors to look for vulnerabilities affecting them.
News URL
https://www.helpnetsecurity.com/2024/06/12/coathanger-fortigate/
Related news
- Chinese hackers use custom malware to spy on US telecom networks
- Belgium probes if Chinese hackers breached its intelligence service
- US charges Chinese hackers linked to critical infrastructure breaches
- Chinese Hackers Breach Juniper Networks Routers With Custom Backdoors and Rootkits
- Chinese Weaver Ant hackers spied on telco network for 4 years
- Hackers Use .NET MAUI to Target Indian and Chinese Users with Fake Banking, Social Apps
- Chinese Hackers Breach Asian Telecom, Remain Undetected for Over 4 Years
- Chinese FamousSparrow hackers deploy upgraded malware in attacks
- Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool