CyberSecurityBoard
Sponsor Register Login

China Caught Deploying Remote Access Trojan Tailored for FortiGate Devices

The Military Intelligence and Security Service of the Netherlands has issued a warning regarding the discovery of a new strain of malware believed to be orchestrated by the Chinese government.
In a recent advisory, MIVD disclosed that Coathanger was employed in espionage activities aimed at the Dutch Ministry of Defense in 2023.
Investigations into the breach revealed that the malware exploited a known flaw in FortiGate devices, specifically CVE-2022-42475.
Coathanger operates as a second-stage malware and does not exploit any novel vulnerabilities.
Unlike some malware that relies on new, undisclosed vulnerabilities, Coathanger operates as a second-stage malware and does not exploit any novel vulnerabilities.
The advisory emphasizes that it could potentially be used in conjunction with future vulnerabilities in FortiGate devices.
Described as stealthy and resilient, Coathanger evades detection by concealing itself through sophisticated methods, such as hooking system calls to evade detection.
It possesses the capability to survive system reboots and firmware upgrades, making it particularly challenging to eradicate.
According to Dutch authorities, Coathanger is just one component of a larger-scale cyber espionage campaign orchestrated by Chinese state-sponsored threat actors.
These actors target various internet-facing edge devices, including firewalls, VPN servers, and email servers.
The advisory issued by Dutch intelligence underscores the aggressive scanning tactics employed by Chinese threat actors, who actively seek out both disclosed and undisclosed vulnerabilities in edge devices.
It warns of their rapid exploitation of vulnerabilities, sometimes within the same day they are made public.
Given the popularity of Fortinet devices as cyberattack targets, businesses are urged to prioritize patch management.
Recent reports from Fortinet highlighted the discovery of two critical vulnerabilities in its FortiSIEM solution, emphasizing the importance of prompt patching.
To mitigate the risk posed by Coathanger and similar threats, intelligence analysts recommend conducting regular risk assessments on edge devices, restricting internet access on these devices, implementing scheduled logging analysis, and replacing any hardware that is no longer supported.


This Cyber News was published on www.cysecurity.news. Publication date: Sun, 11 Feb 2024 12:43:04 +0000


Cyber News related to China Caught Deploying Remote Access Trojan Tailored for FortiGate Devices

9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
China Caught Deploying Remote Access Trojan Tailored for FortiGate Devices - The Military Intelligence and Security Service of the Netherlands has issued a warning regarding the discovery of a new strain of malware believed to be orchestrated by the Chinese government. In a recent advisory, MIVD disclosed that Coathanger was ...
1 year ago Cysecurity.news CVE-2022-42475
European firms urge China to give more clarity on data transfer laws - AP Moeller - Maersk A/S Siemens AG BEIJING, Nov 15 - European firms "Urgently" need China to give clearer definitions of key terms in its cross-border data transfer rules, a European business lobby group said on Wednesday, warning firms also stood to ...
1 year ago Reuters.com
Netherlands reveals Chinese spies attacked its defense dept The Register - Dutch authorities are lifting the curtain on an attempted cyberattack last year at its Ministry of Defense, blaming Chinese state-sponsored attackers for the espionage-focused intrusion. Specialists from the Netherlands' Military Intelligence and ...
1 year ago Go.theregister.com CVE-2022-42475
Stifling Beijing in cyberspace big focus for UK operatives The Register - Regular attendees of CYBERUK, the annual conference hosted by British intelligence unit the National Cyber Security Centre, will know that in addition to the expected conference panels, there is usually an interwoven theme to proceedings. Various ...
10 months ago Theregister.com APT3 Volt Typhoon
How 'Big 4' Nations' Cyber Capabilities Threaten the West - COMMENTARY. There are four nations deemed by the US and UK governments to pose the greatest threat to the West. Russia's cyber-threat activities are primarily focused on offensive cyber operations, China's are focused on cyber espionage, Iran's on ...
1 year ago Darkreading.com
Uncovering Chinas Surveillance of the United States Spies Hackers and Informants - Last week, a Chinese surveillance balloon in the United States caused a diplomatic uproar and raised concerns about how Beijing collects intelligence on its biggest rival. FBI Director Christopher Wray said in 2020 that Chinese spying is the most ...
2 years ago Securityweek.com Silence
China's Dogged Campaign to Portray Itself as Victim of US Hacking - For more than two years, China's government has been attempting to portray the US as indulging in the same kind of cyber espionage and intrusion activities as the latter has accused of carrying out over the past several years. A recent examination of ...
1 year ago Darkreading.com Volt Typhoon
20 Best Remote Monitoring Tools - 2025 - What is Good ?What Could Be Better ?Strong abilities to keep an eye on devices and systems.Some parts may take time to figure out.It gives you tools for remote control and troubleshooting.There could be more ways to change things.Lets you automate ...
1 week ago Cybersecuritynews.com
Android malware and unwanted software statistics for Q1 2024 - Over 389,000 malicious installation packages were detected, of which: 11,729 packages were related to mobile banking Trojans, 1,990 packages were mobile ransomware Trojans. The rapid growth in the total number of attacks between Q2 and Q4 2023 is ...
10 months ago Securelist.com
A top-secret Chinese spy satellite just launched on a supersized rocket - China's largest rocket apparently wasn't big enough to launch the country's newest spy satellite, so engineers gave the rocket an upgrade. The Long March 5 launcher flew with a payload fairing some 20 feet taller than its usual nose cone when it took ...
1 year ago Packetstormsecurity.com Rocke
US House 'Asks Intel, Nvidia, Micron CEOs' To Testify On China - US House of Representatives China committee asks chief executives of Intel, Nvidia, Micron to testify as international tensions mount. The chief executives of Intel, Nvidia and Micron have been asked to testify before the US House of Representatives' ...
1 year ago Silicon.co.uk
Cyber Insights 2023: The Geopolitical Effect - The result is more than a dozen features on subjects ranging from AI, quantum encryption, and attack surface management to venture capital, regulations, and criminal gangs. The Russia/Ukraine war that started in early 2022 has been mirrored by a ...
2 years ago Securityweek.com
Big China Spy Balloon Moving East Over US, Pentagon Says - The Pentagon said at midday Friday that a Chinese spy balloon had moved eastward and was over the central United States, and that the U.S. rejected China's claims that it was not being used for surveillance. Gen. Pat Ryder, Pentagon press secretary, ...
2 years ago Securityweek.com
Pro-China campaign targeted YouTube with AI avatars The Register - Think tank Australian Strategic Policy Institute last week published details of a campaign that spreads English language pro-China and anti-US narratives on YouTube. The campaign, which ASPI calls Shadow Play, includes 30 YouTube channels that have ...
1 year ago Go.theregister.com Rocke
Fortinet: Symlink trick gives access to patched FortiGate VPN devices - Fortinet warns that threat actors use a post-exploitation technique that helps them maintain read-only access to previously compromised FortiGate VPN devices even after the original attack vector was patched. The advisory says that when the threat ...
1 day ago Bleepingcomputer.com CVE-2022-42475
CVE-2021-41769 - A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD89 devices (CPU variant CP300) (All versions < ...
3 years ago
Fortinet: Hackers retain access to patched FortiGate VPNs using symlinks - Fortinet warns that threat actors use a post-exploitation technique that helps them maintain read-only access to previously compromised FortiGate VPN devices even after the original attack vector was patched. The advisory says that when the threat ...
1 day ago Bleepingcomputer.com CVE-2022-42475
Beijing fosters foreign influencers to spread its propaganda The Register - China is offering foreign influencers access to its vast market in return for content that sings its praises and helps to spreads Beijing's desired narratives more widely around the world, according to think tank the Australian Strategic Policy ...
1 year ago Theregister.com
China Investigating Alleged Use of Surveillance Balloon in US - China declared on Friday that it is looking into reports that a Chinese spy balloon has been flying in U.S. airspace and asked for people to remain calm. The Foreign Ministry spokesperson Mao Ning also said that China has no intention of infringing ...
2 years ago Securityweek.com
The Role of IoT in Modern Education - From smart classrooms equipped with IoT devices to personalized learning platforms, IoT has paved the way for a more immersive and tailored educational experience. Overall, the integration of IoT in education holds great promise in transforming the ...
1 year ago Securityzap.com
National Grid pulls Chinese kit over cybersecurity concerns The Register - The National Grid is reportedly the latest organization in the UK to begin pulling China-manufactured equipment from its network over cybersecurity fears. The contract with the UK subsidiary of China's state-owned Nari Technology, NR Electric UK, was ...
1 year ago Go.theregister.com
China warns of AirDrop de-anonymization flaw The Register - In June 2023 China made a typically bombastic announcement: operators of short-distance ad hoc networks must ensure they run according to proper socialist principles, and ensure all users divulge their real-world identities. The announcement targeted ...
1 year ago Go.theregister.com
Apple Move iPad Engineering To Vietnam - Fresh reports of Apple shifting manufacturing from China, with iPad product development resources relocated to Vietnam. Apple continues to strengthen its manufacturing and development capabilities outside of mainland China, according to recent media ...
1 year ago Silicon.co.uk
Webex announces comprehensive Device Management Capabilities with Phonism integration - Webex is excited to announce a comprehensive solution for 3rd party Device Management referred to as 'Partner Managed Devices. ' Partner Managed Devices allows Webex Cloud Calling offers to support a flexible Device Management strategy. With this ...
1 year ago Feedpress.me

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)