Dutch authorities reveal extensive Chinese cyber-espionage operation

The intelligence services warn that a Chinese cyber-espionage campaign exploiting a vulnerability has compromised thousands of systems globally, with access likely still maintained in many cases.

Cyberespionage

The Dutch military intelligence and security service (MIVD) has raised alarms over a global Chinese cyber-espionage campaign, that successfully targeted ‘a significant number of victims’, including Western governments, international organisations and the defense industry. The Netherlands’ National Cyber Security Centre (NCSC) provided the details of this operation in the warning sharing how state-sponsored hackers exploited a vulnerability in FortiGate devices for ‘at least two months before Fortinet announced the vulnerability.’

This vulnerability, identified as CVE-2022-42475, was leveraged during a ‘zero-day period’ to compromise around 14,000 devices in Netherlands. In particular, the warning says that the had successfully breached the internal computer network of the Dutch Ministry of Defence. After gaining access, the hackers deployed a remote access trojan (RAT) named COATHANGER to perform reconnaissance and exfiltrate user account information from the Active Directory server. It, however, remains unclear how many of these systems were infected with the COATHANGER malware. The MIVD warned that identifying and removing these infections is particularly challenging.

“The NCSC and the Dutch intelligence services therefore state that it is likely that the state actor still has access to systems of a significant number of victims,” the report cautioned, emphasizing the ongoing threat posed by this extensive cyber-espionage campaign.