MIVD: Chinese FortiGate espionage campaign is more extensive than previously thought
The Coathanger malware that targeted Fortinet's FortiGate systems appears to be part of a broad and long-term Chinese cyber espionage campaign, according to the Military Intelligence and Security Service (MIVD).
In 2022 and 2023, at least 20,000 Fortinet systems worldwide were infected through the vulnerability identified as CVE-2022-42475, the MIVD reports. According to the intelligence service, the Chinese cyber espionage campaign appears to be 'much more extensive' than previously known.
Research has shown that the attackers exploited the vulnerability for two months before Fortinet released a security update. During that zero-day period, 14,000 devices were infected with the Coathanger malware. Governments and defense companies, among others, have been affected by the malware.
The attackers continued to have access to the systems even after victims updated their systems. According to the MIVD, it is likely that the attackers still have access to the systems of many victims. It is not known how many victims actually have malware installed, but it is expected to be hundreds of victims worldwide.