Chinese cyber-espionage campaign impacted FortiGate systems worldwide, says Dutch Military Intelligence  

mohitsiddhi


Chinese hackers breached 20,000 FortiGate systems worldwide. | Photo Credit: Reuters

Chinese hackers breached 20,000 FortiGate systems worldwide. FortiGate is a cloud-native firewall that is deployed to protect AWS and Azure cloud space. The Dutch Military Intelligence and Security Service (MIVD), which unearthed the campaign earlier this year, said it was found to be “much larger than previously known”.

The MIVD alleges that the malware used in the attack could survive in the system after reboots and firmware upgrades and was deployed by a Chinese state-sponsored hacking group in a political espionage campaign targeting the Netherlands and its allies.

The MIVD, in a joint report with the General Intelligence and Security Service (AIVD), disclosed that Chinese hackers exploited a critical remote code execution vulnerability in FortiOS/FortiProxy between 2022 and 2023 to deploy malware on FortiGate network security appliances, a report from Bleeping Computer said.

During the attack campaign, hackers infected some 14,000 devices which included dozens of (Western) government and international organisations along with a large number of companies within the defence industry.

The malware used by the attackers was also found on a Dutch Ministry of Defence network used for research and development (R&D) of unclassified projects.

The MIVD believes hackers may still have access to victims, as the malware is difficult to detect and remove: it can intercept system messages to avoid detection and survive firmware upgrades.

The attacks on FortiGate systems bear similarities to another Chinese hacking campaign that targeted unpatched vulnerabilities in SonicWall Secure Mobile Access (SMA) appliances with cyber-espionage malware designed to withstand firmware upgrades.
