Chinese cyber spies accessed Dutch military network, intelligence agency says
As China's threats in cyberspace are increasing day by day, with the Japanese Ministry of Foreign Affairs' system
MIVD onthult werkwijze Chinese spionage in Nederland | Nieuwsbericht | Defensie.nl
https://www.defensie.nl/actueel/nieuws/2024/02/06/mivd-onthult-werkwijze-chinese-spionage-in-nederland
TLP:CLEAR MIVD AIVD Advisory COATHANGER | Publicatie | National Cyber Security Centrum
https://www.ncsc.nl/documenten/publicaties/2024/februari/6/mivd-aivd-advisory-coathanger-tlp-clear
Chinese spies hacked Dutch defense network last year - intelligence agencies | Reuters
https://www.reuters.com/technology/cybersecurity/china-cyber-spies-hacked-computers-dutch-defence-ministry-report-2024-02-06/
Chinese hackers infect Dutch military network with malware
https://www.bleepingcomputer.com/news/security/chinese-hackers-infect-dutch-military-network-with-malware/
On February 6, 2024, the Dutch Military Intelligence and Security Directorate (MIVD) and General Intelligence and Security Directorate (AIVD) announced that sophisticated Chinese malware discovered in 2023 provides evidence of Chinese cyber espionage. Authorities described the intrusion as part of China's state-run political espionage campaign against the Netherlands and its allies.
According to the announcement, Chinese hackers infiltrated a military network used for unclassified research and development. Although the network was used by 50 people, authorities said the defense network itself was not compromised because the affected network was a segmented, self-contained system.
'This is the first time that the MIVD has decided to publish a technical report on how Chinese hackers operate,' said Dutch Defense Minister Kajsa Ollongren. 'This is important in increasing international countermeasures against cyber-espionage activities.'
In a jointly published report, MIVD and AIVD named the newly discovered Chinese malware 'COATHANGER.' The name comes from a passage in Roald Dahl's short story `
COATHANGER is a remote access Trojan (RAT) designed to infiltrate appliances (dedicated devices) made by American security equipment manufacturer Fortinet. It is persistent, surviving both reboots and updates.
'What's notable is that the COATHANGER implant is persistent, reviving itself by inserting its own backup into the system's boot process every time the system reboots. What's more, the infection survives firmware updates,' the report said.
COATHANGER, which has infiltrated the network, exploits a known vulnerability (CVE-2022-42475) in FortiGate devices and forces the target to install a backdoor.
Officials said they believed both the hack and the malware development were the work of Chinese state-sponsored actors, adding: 'This is an example of China's political espionage efforts against the Netherlands and its allies.'
in Security, Posted by log1l_ks