
Dutch Intelligence Reveals China-Linked Cyber Campaign Breached Numerous Western Government Systems


The Chinese cyber campaign discovered by The Netherlands’ National Cyber Security Center is much larger than initially believed. It has infiltrated tens of thousands of government and defense systems in Western nations, including a Dutch defense network. This campaign, known as COATHANGER, has been linked to communist China and exploited a zero-day vulnerability in the FortiGate firewall system used by several nations on their government networks.

An original report from Dutch intelligence in February mentioned that limited damage occurred due to “network segmentation,” isolating affected systems from the broader defense network of the nation. However, on June 10, NCSC revealed that COATHANGER compromised 20,000 systems in various Western governments, international organizations, and defense industry companies.

The attackers used this intrusion to install malware on compromised targets to maintain ongoing access. The NCSC stated that even after victims install security updates, the state actor still maintains access to these systems. The exact number of victims with installed malware is unknown, but it is probable that the state actor could extend its access to hundreds of victims globally, potentially engaging in data theft.

The Dutch statement advised organizations to take precautions to mitigate any potential consequences from this access. While the initial report did not specify the information sought by the hackers, the latest findings suggest that the campaign aimed to gain persistent access to defense industries in Western nations.

The Dutch government encouraged the “assume breach” principle, anticipating initial breaches and taking measures to limit the impact. Reports have indicated that China-backed actors connected to Chinese intelligence and law enforcement are behind some of the world’s most significant online influence operations.

Earlier in the year, U.S. intelligence leaders announced the dismantling of Chinese malware called Volt Typhoon, which posed a threat to critical U.S. infrastructure, including water, energy, oil, and air traffic control systems.


