Chinese FortiGate Espionage Campaign Snares 20,000+ Victims
A sophisticated Chinese espionage campaign targeting Fortinet edge devices was far more extensive than previously thought, resulting in the compromise of at least 20,000 systems worldwide, according to the Dutch authorities.
The country’s intelligence services first revealed the campaign in February this year. They said Chinese spies exploited a zero-day vulnerability (CVE-2022-42475) in FortiGate appliances to deploy the Coathanger remote access Trojan (RAT) on Dutch defense networks.
However, the Dutch National Cyber Security Centre (NCSC) said in a new post this week that during the two months before Fortinet released a patch for the zero-day bug, the threat actors managed to compromise at least 14,000 targets. These included “dozens of (Western) governments, international organizations and a large number of companies within the defense industry,” it said.
The total number of infections within a few months in 2022 and 2023 is thought to be at least 20,000, with a “significant number” likely to still be impacted due to the difficulty of identifying and removing the RAT malware.
“The state actor installed malware at relevant targets at a later time. This gave the state actor permanent access to the systems. Even if a victim installs security updates from FortiGate, the state actor continues to have this access,” the update read.
“It is not known how many victims actually have malware installed. The Dutch intelligence services and the NCSC consider it likely that the state actor could potentially expand its access to hundreds of victims worldwide and carry out additional actions such as stealing data.”
The campaign has echoes of other espionage efforts by the Chinese state targeting cybersecurity appliances in a persistent manner.
Barracuda was forced to tell customers to replace their ESG appliances last year after Beijing-backed group UNC4841 targeted them. Also last year, unpatched SonicWall Secure Mobile Access (SMA) appliances were targeted by UNC4540.
Image credit: JHVEPhoto / Shutterstock.com