In a stark revelation that underscores the escalating cyber warfare landscape, the Dutch Ministry of Defense became the latest target of sophisticated Chinese cyber espionage.
Last year, the Dutch intelligence agencies, MIVD and AIVD, uncovered a calculated intrusion by Chinese state-backed hackers into a military network, marking a significant breach in national security.
Dubbed “Coathanger,” the malware deployed in this attack showcased the high level of sophistication and stealthiness characteristic of state-sponsored espionage efforts.
This malicious software was ingeniously designed to persist through system reboots and evade detection mechanisms, posing a formidable challenge to cybersecurity defenses.
The name “Coathanger” derives from a line in a Roald Dahl story, symbolizing the malware’s deceptive simplicity and lethal potential.
The breach was facilitated through the exploitation of CVE-2022-42475, a vulnerability in FortiOS, the operating system for FortiGate firewalls.
Although the network’s segmentation limited the damage, the incident shed light on the persistent threat posed by Chinese espionage activities aimed at acquiring sensitive information and undermining national security.
Initial Validation: The first step in exploiting CVE-2022-42475 involves validating the target’s vulnerability. This is achieved through a process that intentionally triggers a crash in the remote SSL VPN daemon, which automatically and immediately restarts. The exploit, in this phase, is designed to operate in a “validate only” mode, thereby not executing any Remote Code Execution (RCE) but simply confirming vulnerability presence.

# [+] Running in validate-only mode. No RCE.
# [>] Testing to see if target is vulnerable (may take 10 seconds)
# [+] Target '192.168.0.10:8443' appears to be VULNERABLE
$ ./x.py -t 192.168.0.10 -p 8443 -v
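From the defender's side, the crash-then-immediate-restart of the SSL VPN daemon described above is itself a detectable signal. The following is an added example, not code from the article or from any vendor, that pairs crash events with the restart that follows and flags bursts of such cycles; the log lines and their format are constructed stand-ins for this demonstration and are not the real FortiOS log format.

```python
from datetime import datetime, timedelta

# Constructed sample event log (NOT the real FortiOS format): "<timestamp> <process> <message>".
SAMPLE_LOG = """\
2023-02-01T09:00:01 sslvpnd started
2023-02-01T09:14:20 sslvpnd crashed (signal 11)
2023-02-01T09:14:21 sslvpnd started
2023-02-01T10:30:05 sslvpnd crashed (signal 11)
2023-02-01T10:30:06 sslvpnd started
2023-02-01T10:30:15 sslvpnd crashed (signal 11)
2023-02-01T10:30:16 sslvpnd started
"""

def parse_events(text):
    """Parse each line into (timestamp, process, message)."""
    events = []
    for line in text.splitlines():
        ts, proc, msg = line.split(" ", 2)
        events.append((datetime.fromisoformat(ts), proc, msg))
    return events

def find_crash_restart_cycles(events, process="sslvpnd",
                              restart_within=timedelta(seconds=30)):
    """Pair every crash of `process` with the restart that follows it within
    `restart_within`. Any such cycle on an internet-facing daemon merits a look;
    the validation probe described in the article produces exactly this pattern."""
    cycles = []
    crash_ts = None
    for ts, proc, msg in events:
        if proc != process:
            continue
        if msg.startswith("crashed"):
            crash_ts = ts
        elif msg.startswith("started") and crash_ts is not None \
                and ts - crash_ts <= restart_within:
            cycles.append((crash_ts, ts))
            crash_ts = None
    return cycles

def alert_on_burst(cycles, window=timedelta(minutes=5), threshold=2):
    """Return (first_crash_time, count) for each cycle that starts a window
    containing at least `threshold` cycles: repeated probing of the daemon."""
    alerts = []
    for i, (start, _) in enumerate(cycles):
        in_window = [c for c in cycles[i:] if c[0] - start <= window]
        if len(in_window) >= threshold:
            alerts.append((start, len(in_window)))
    return alerts

if __name__ == "__main__":
    cycles = find_crash_restart_cycles(parse_events(SAMPLE_LOG))
    for start, n in alert_on_burst(cycles):
        print(f"ALERT: {n} sslvpnd crash/restart cycles within 5 min starting {start}")
```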