
Vulnerable Fortigate systems targeted by global Chinese cyberespionage campaign


Numerous Western governments, defense industry firms, and international organizations have been compromised with the novel Coathanger remote access trojan as part of an ongoing Chinese cyberespionage campaign that exploits a critical, already addressed vulnerability in FortiGate FortiOS software, according to CyberScoop.

At least 20,000 FortiGate systems around the world were infiltrated between 2022 and 2023 through exploitation of the flaw, tracked as CVE-2022-42475, with threat actors breaching nearly 14,000 devices at least two months before Fortinet disclosed the security issue, a report from the Netherlands' Military Intelligence and Security Service and General Intelligence and Security Service showed.

Dutch authorities also reported that the Chinese attackers behind the campaign potentially still have access to several organizations' systems, which they could then use to facilitate expanded intrusions.

The report was dismissed by the Chinese Embassy in the U.S. However, SentinelLabs Principal Threat Researcher Tom Hegel noted that the findings indicate the significant cybersecurity risks faced by edge network devices.
