The Netherlands’ National Cyber Security Center said the Chinese cyber campaign is far larger than previously thought.
A China-linked cyber campaign that infiltrated a Dutch defense network last year is much larger than previously thought and has infiltrated tens of thousands of government and defense systems in Western nations, according to the Dutch government.
The campaign, dubbed COATHANGER, has been linked to communist China and it exploited a zero-day vulnerability in the FortiGate firewall system used by the Netherlands and other nations on many government networks. Zero-day vulnerabilities exist when a software update is first deployed.
Dutch intelligence’s original report, released in February, said that damage from the breach was limited because of “network segmentation,” which separates an affected system from the nation’s wider defense network.
The Netherlands’ National Cyber Security Center (NCSC) announced on June 10, however, that the Chinese cyber campaign is far larger than previously thought.
NCSC said that COATHANGER compromised 20,000 systems across dozens of Western governments, international organizations, and a large number of companies within the defense industry.
Moreover, the statement said, the attackers used the intrusion to install malware on some of the compromised targets to guarantee continued access to those systems. That malware has still not been cut off.
“This gave the state actor permanent access to the systems,” the statement reads. “Even if a victim installs FortiGate security updates, the state actor continues to have this access.”
“It is not known how many victims actually have malware installed. The Dutch intelligence services and the NCSC consider it likely that the state-owned actor could potentially expand its access to hundreds of victims worldwide and has been able to carry out additional actions such as stealing data.”
Likewise, the Dutch statement said that “it is likely that the state actor still has access to systems of a significant number of victims at the moment” and that organizations should take measures to mitigate the possible fallout from that access.
The Netherlands’ original report, jointly published by the Dutch Military Intelligence and Security Service and the General Intelligence and Security Service, didn’t clarify what information the hackers were trying to obtain.