Chinese State-Sponsored Hackers Exploit Fortinet Vulnerability to Breach Dutch Military Network

Chinese state-sponsored hackers infiltrated a Dutch military network by exploiting a critical vulnerability in Fortinet's FortiGate devices. The intrusion used CVE-2022-42475, a heap-based buffer overflow in the FortiOS SSL-VPN component, to execute arbitrary code on the appliance and deploy Coathanger, a stealthy remote-access trojan that provides persistent access and survives device reboots and firmware upgrades.

Coathanger takes its name from a string in its code that quotes Roald Dahl's "Lamb to the Slaughter". It conceals itself by hooking the system functions that would otherwise reveal its files and processes, so that ordinary listings on the device omit them. Its deployment was selective: the implant was placed on vulnerable perimeter devices as a foothold for reaching high-value targets. The campaign illustrates why internet-facing network appliances, which sit outside most endpoint monitoring, are attractive to state actors.
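The usual practitioner check for an implant that hides by hooking system functions is a cross-view comparison: enumerate a directory through the library functions an implant would hook, enumerate it again through the raw kernel interface, and flag anything present in the second view but missing from the first. The program below is an added illustration of that technique, written for this article; it is not the Dutch MIVD's detection method, not Fortinet code, and not specific to Coathanger or FortiOS. It is Linux-only (it calls the getdents64 syscall directly), and the `simulated_hook_prefix` filter is an assumed stand-in for what a hooked readdir() would do, so the detection path can be exercised without an actual implant.

```c
// Cross-view directory check: libc readdir() versus the raw getdents64 syscall.
// Added example for this article, not Coathanger's or Fortinet's code.
// Linux-only. The "simulated hook" stands in for a hooking implant's filter.
#define _GNU_SOURCE
#include <dirent.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

#define MAX_NAMES 4096
#define NAME_LEN 256

// Record layout returned by the getdents64 syscall (not exposed by glibc).
struct linux_dirent64 {
    unsigned long long d_ino;
    long long          d_off;
    unsigned short     d_reclen;
    unsigned char      d_type;
    char               d_name[];
};

typedef struct {
    char names[MAX_NAMES][NAME_LEN];
    int count;
} name_list;

// Assumed stand-in for an implant's hook: names with this prefix are dropped
// from the libc view. NULL means "no hook installed" (a clean system).
static const char *simulated_hook_prefix = NULL;

void set_simulated_hook_prefix(const char *prefix) { simulated_hook_prefix = prefix; }

static void add_name(name_list *l, const char *n) {
    if (l->count < MAX_NAMES) {
        strncpy(l->names[l->count], n, NAME_LEN - 1);
        l->names[l->count][NAME_LEN - 1] = '\0';
        l->count++;
    }
}

// View 1: what callers of libc see, i.e. what a hook on readdir() controls.
static int list_via_libc(const char *path, name_list *out) {
    out->count = 0;
    DIR *d = opendir(path);
    if (!d) return -1;
    struct dirent *e;
    while ((e = readdir(d)) != NULL) {
        if (simulated_hook_prefix &&
            strncmp(e->d_name, simulated_hook_prefix, strlen(simulated_hook_prefix)) == 0)
            continue;  // the simulated hook hides this entry
        add_name(out, e->d_name);
    }
    closedir(d);
    return 0;
}

// View 2: the kernel's answer, bypassing libc's directory functions entirely.
static int list_via_syscall(const char *path, name_list *out) {
    out->count = 0;
    int fd = open(path, O_RDONLY | O_DIRECTORY);
    if (fd < 0) return -1;
    char buf[32768];
    for (;;) {
        long n = syscall(SYS_getdents64, fd, buf, sizeof buf);
        if (n < 0) { close(fd); return -1; }
        if (n == 0) break;
        for (long off = 0; off < n;) {
            struct linux_dirent64 *e = (struct linux_dirent64 *)(buf + off);
            add_name(out, e->d_name);
            off += e->d_reclen;
        }
    }
    close(fd);
    return 0;
}

static int contains(const name_list *l, const char *n) {
    for (int i = 0; i < l->count; i++)
        if (strcmp(l->names[i], n) == 0) return 1;
    return 0;
}

// Number of entries the kernel reports that the libc view omits, or -1 on
// error. Any positive result means something between the syscall and the
// caller is filtering names, which is exactly what a hooking implant does.
int hidden_entry_count(const char *path) {
    static name_list libc_view, raw_view;
    if (list_via_libc(path, &libc_view) < 0) return -1;
    if (list_via_syscall(path, &raw_view) < 0) return -1;
    int hidden = 0;
    for (int i = 0; i < raw_view.count; i++) {
        if (!contains(&libc_view, raw_view.names[i])) {
            printf("hidden from libc view: %s\n", raw_view.names[i]);
            hidden++;
        }
    }
    return hidden;
}

int main(int argc, char **argv) {
    const char *path = argc > 1 ? argv[1] : ".";
    int h = hidden_entry_count(path);
    if (h < 0) { perror(path); return 1; }
    printf("%s: %d hidden entr%s\n", path, h, h == 1 ? "y" : "ies");
    return h > 0 ? 2 : 0;
}
```

On a real appliance the comparison would be run from a statically linked binary (so the implant cannot interpose its libc calls) against the directories and process tables the platform exposes, and a non-zero result is a reason to image the device rather than to trust anything else it reports.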

The incident is the Netherlands' first public attribution of a cyberespionage campaign to China. Organizations running such devices are advised to apply updates and patches promptly, conduct regular security assessments, build detection capability for stealthy implants like Coathanger, and enforce strict access controls, in particular limiting which accounts and networks can reach the management interface. One caveat matters here: because the implant survives firmware upgrades, patching closes the entry point but does not remove an implant that is already present, so devices that were internet-exposed while vulnerable should be checked for compromise rather than assumed clean after the update.
