Massive Chinese Cyberattack Exposes Western Defense Networks: Dutch Intelligence

On June 10, the Dutch National Cyber Security Center revealed that the COATHANGER cyber campaign, linked to China, breached 20,000 defense and government systems across Western countries.



The Dutch government claims that a cyber campaign with ties to China that breached a defense network in the country last year is far more widespread than previously believed and has affected tens of thousands of defense and government systems in Western countries.

The COATHANGER campaign, which took advantage of a zero-day vulnerability in the FortiGate firewall system used by the Netherlands and other countries on several government networks, has been connected to communist China. A zero-day vulnerability is one that attackers exploit before the vendor has released a patch for it.

Prince, a member of the hacking group Red Hacker Alliance who refused to give his real name, uses a website that monitors global cyberattacks on his computer at their office in Dongguan, Guangdong Province, China, on Aug. 4, 2020. (Nicolas Asfouri/AFP via Getty Images)

The original assessment from Dutch intelligence, which was made public in February, said that “network segmentation,” which isolates a compromised system from the country’s larger defensive network, had prevented more damage from the intrusion.

On June 10, however, the National Cyber Security Center (NCSC) of the Netherlands declared that the Chinese cyber assault was significantly more extensive than previously believed.

According to NCSC, COATHANGER breached 20,000 systems in numerous Western countries, international organizations, and military industry businesses.

Furthermore, the statement said that, to keep the compromised targets accessible, the attackers used the intrusion to implant malware on a few of those targets. The malware hasn’t been removed yet.

The statement claims that “this gave the state actor permanent access to the systems. The state actor retains this access even if a victim installs FortiGate security updates.”

“It is not known how many victims actually have malware installed. The Dutch intelligence services and the NCSC consider it likely that the state-owned actor could potentially expand its access to hundreds of victims worldwide and has been able to carry out additional actions such as stealing data.”

Similarly, the Dutch statement said that organizations should take action to lessen the potential consequences of the state actor’s access, noting that “it is likely that the state actor still has access to systems of a significant number of victims at the moment.”

What information the hackers were attempting to gain was not made clear in the Netherlands’ initial assessment, which was jointly released by the General Intelligence and Security Service and the Dutch Military Intelligence and Security Service.

The breadth of the most recent finding points to a campaign aimed at securing ongoing access to Western countries’ defense sectors. It’s still unknown, though, if each victim belonged to a NATO country or had another common bond.

According to the Dutch statement, the COATHANGER campaign targeted “edge devices” such as routers, VPN servers, firewalls, and email servers that link a system to the larger network, just like many other hackers do.

Because zero-day vulnerabilities are difficult to anticipate, the statement says, the government recommends adopting an “assume breach” policy.

This implies that it is best to assume there has been an initial breach and take action to minimize the harm.

The largest online influence operations in the world are being carried out by actors funded by China who are connected to Chinese law enforcement and intelligence, according to several reports.

Earlier in the year, officials in charge of U.S. intelligence reported that they had eliminated Volt Typhoon, a Chinese malware that had infected hundreds of machines and endangered critical U.S. infrastructure, such as air traffic control, energy, water, and petroleum systems.

Last year, GreatGameIndia reported that Eric Goldstein, the Executive Assistant Director for Cybersecurity at the US Cybersecurity and Infrastructure Security Agency, stated that US government agencies had been hit by a global cyberattack.
