- Nachrichtendetail
-
12.06.2024 20:49:27 - dpa-AFX: Chinese Hackers Attack 20,000 FortiGate Systems
BEIJING (dpa-AFX) - The Netherlands Cybersecurity Agency or NCSC warned that
the espionage led by Chinese hackers during 2022 and 2023 was 'much larger than
previously known.'
In February, the Dutch Military Intelligence and Security Service or MIVD
reported that a Chinese state-sponsored malware campaign compromised 20,000
FortiGate systems, out of which 14,000 were breached during 'zero-day', a period
of two months before Fortinet (FTNT) became aware of the situation.
'Targets include dozens of governments, international organizations, and a large
number of companies within the defense industry,' the MIVD stated.
The malware Coathanger, a remote access trojan, could be only removed by
complete device reformat as it is capable of surviving system reboots and
firmware updates, the agency added. Also, it is difficult to detect its presence
using FortiGate CLI commands.
'This gave the state actor permanent access to the systems. Even if a victim
installs security updates from FortiGate, the state actor continues to keep this
access,' the MIVD found.
'It is not known how many victims actually have malware installed. The Dutch
intelligence services and the NCSC consider it likely that the state actor could
potentially expand his access to hundreds of victims worldwide and carry out
additional actions such as stealing data.'
The cybersecurity agency also noted that the problem is not limited to Fortinet
appliances, but also affects 'edge' devices, such as firewalls, VPN servers,
routers, and SMTP servers.
'Recent incidents and identified vulnerabilities within various edge devices
show that these products are often not designed according to modern
security-by-design principles,' the NCSC stated.
Copyright(c) 2024 RTTNews.com. All Rights Reserved
Copyright RTT News/dpa-AFX
the espionage led by Chinese hackers during 2022 and 2023 was 'much larger than
previously known.'
In February, the Dutch Military Intelligence and Security Service or MIVD
reported that a Chinese state-sponsored malware campaign compromised 20,000
FortiGate systems, out of which 14,000 were breached during 'zero-day', a period
of two months before Fortinet (FTNT) became aware of the situation.
'Targets include dozens of governments, international organizations, and a large
number of companies within the defense industry,' the MIVD stated.
The malware Coathanger, a remote access trojan, could be only removed by
complete device reformat as it is capable of surviving system reboots and
firmware updates, the agency added. Also, it is difficult to detect its presence
using FortiGate CLI commands.
'This gave the state actor permanent access to the systems. Even if a victim
installs security updates from FortiGate, the state actor continues to keep this
access,' the MIVD found.
'It is not known how many victims actually have malware installed. The Dutch
intelligence services and the NCSC consider it likely that the state actor could
potentially expand his access to hundreds of victims worldwide and carry out
additional actions such as stealing data.'
The cybersecurity agency also noted that the problem is not limited to Fortinet
appliances, but also affects 'edge' devices, such as firewalls, VPN servers,
routers, and SMTP servers.
'Recent incidents and identified vulnerabilities within various edge devices
show that these products are often not designed according to modern
security-by-design principles,' the NCSC stated.
Copyright(c) 2024 RTTNews.com. All Rights Reserved
Copyright RTT News/dpa-AFX
| Name | WKN | Börse | Kurs | Datum/Zeit | Diff. | Diff. % | Geld | Brief | Erster | Schluss | |
|---|---|---|---|---|---|---|---|---|---|---|---|
 |
FORTINET INC. DL-,001 | A0YEFE | Frankfurt | 54,500 | 21.06.24 20:06:17 | +0,290 | +0,53% | 0,000 | 0,000 | 54,140 | 54,500 |
