Stratos Ally

Dutch Officials Report Chinese Cyber Espionage Campaign Targeting Multiple Western Governments

StratosAlly

Dutch intelligence has uncovered an extensive Chinese cyber espionage operation that infiltrated Western governments, international organizations, and the defense sector. The sophisticated campaign compromised over 20,000 FortiGate edge devices globally during 2022 and 2023 by exploiting a since-patched vulnerability in FortiOS software. The Chinese hackers knew about the vulnerability months before its public announcement, allowing them to compromise approximately 14,000 devices within that period.

The operation employed a new remote access trojan, dubbed “Coathanger,” to maintain access on FortiGate devices even after updates were applied. This underscores the persistent threat posed by edge devices like firewalls and routers, which are increasingly targeted by state-aligned hackers to infiltrate critical infrastructure.

Tom Hegel, a principal threat researcher with SentinelLabs, highlighted the severe security gap in edge devices, noting that their lack of advanced defenses makes them prime targets. The Dutch investigation indicated that the malware’s presence is challenging to detect and eradicate, suggesting that numerous systems remain compromised.

This campaign exemplifies the ongoing abuse of edge devices in sophisticated cyber espionage, with the potential for long-term access to sensitive networks worldwide. The Dutch authorities emphasized the likelihood of further data theft and additional cyber actions from the state actor, urging vigilant cybersecurity measures.

The global cybersecurity community is on high alert since neither the Chinese Embassy in Washington nor the Cybersecurity and Infrastructure Security Agency has agreed to comment on the incident.
