Security News > 2024 > June > 20,000 FortiGate appliances compromised by Chinese hackers
Coathanger - a piece of malware specifically built to persist on Fortinet's FortiGate appliances - may still be lurking on too many devices deployed worldwide.
It's also difficult to detect its presence by using FortiGate CLI commands, and to remove it from compromised devices.
The security services shared indicators of compromise and a variety of detection methods in an advisory, and explained that "The only currently identified way of removing [it] from an infected FortiGate device involves formatting the device and reinstalling and reconfiguring the device."
The threat actor installed the Coathanger malware at a later time, on devices of relevant targets.
Another problem is that the Coathanger malware can be used in combination with any present or future vulnerability in FortiGate devices - whether zero- or N-day.
Because almost every organization has one or more edge devices deployed, they added, it pays for threat actors to look for vulnerabilities affecting them.
News URL
https://www.helpnetsecurity.com/2024/06/12/coathanger-fortigate/
Related news
- Chinese Hackers Target Japanese Firms with LODEINFO and NOOPDOOR Malware (source)
- Chinese hackers compromised an ISP to deliver malicious software updates (source)
- Chinese Hackers Exploit Zero-Day Cisco Switch Flaw to Gain System Control (source)
- Chinese Volt Typhoon hackers exploited Versa zero-day to breach ISPs, MSPs (source)
- Chinese-Speaking Hacker Group Targets Human Rights Studies in Middle East (source)
- Chinese Hackers Exploit Visual Studio Code in Southeast Asian Cyberattacks (source)
- Chinese hackers use new data theft malware in govt attacks (source)
- Chinese hackers linked to cybercrime syndicate arrested in Singapore (source)