According to the Netherlands' Military Intelligence and Security Service (MIVD), a Chinese state-sponsored cyber-espionage group breached a Ministry of Defence (MoD) network last year and deployed malware on the compromised systems.
Because that network was segmented, the damage was contained even though the attackers had backdoored the systems they reached.
"The effects of the intrusion were limited because the victim network was segmented from the wider MOD networks … The victim network had fewer than 50 users. Its purpose was research and development (R&D) of unclassified projects and collaboration with two third-party research institutes. These organizations have been notified of the incident." - Dutch Military Intelligence and Security Service (MIVD)
During the follow-up investigation, a previously unknown remote access trojan (RAT) dubbed Coathanger, built to target FortiGate network security appliances, was also found on the compromised network.
The malware hides itself by intercepting system calls, which lets it run covertly and persistently without being noticed by ordinary tooling on the device. It also survives firmware updates and reboots, so a restart or an upgrade alone cannot be relied on to evict it; the hidden components have to be found and removed, or the device rebuilt from a known-good image.
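The page only says that the implant hides by intercepting system calls; it does not describe the mechanism. The program below is an added example, not code from the original article, MIVD or Fortinet, showing the general detection idea a practitioner would reach for against this class of hiding: compare what the libc directory-listing path returns with what the raw `getdents64` system call returns, and flag any name that appears only in the raw view. To make the comparison observable offline, the block simulates a hook with a wrapper `hooked_readdir()` that drops entries beginning with an assumed marker prefix `hidden_`; that prefix, the scratch directory under `/tmp` and the file names inside it are all constructed for the demonstration and are not indicators from the real incident. It assumes Linux (the `getdents64` record layout is Linux-specific).

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>

#define MAX_ENTRIES 256
#define NAME_LEN 256

/* Assumed marker used by the simulated hook below. Hypothetical; not an
 * indicator from the real implant. */
static const char *HIDE_PREFIX = "hidden_";

typedef struct {
    int count;
    char names[MAX_ENTRIES][NAME_LEN];
} listing_t;

static void add_name(listing_t *l, const char *name) {
    if (l->count >= MAX_ENTRIES) return;
    strncpy(l->names[l->count], name, NAME_LEN - 1);
    l->names[l->count][NAME_LEN - 1] = '\0';
    l->count++;
}

/* Simulated hook: a real implant would interpose libc's readdir itself
 * (e.g. from a preloaded library) and swallow entries it wants hidden. */
static struct dirent *hooked_readdir(DIR *d) {
    struct dirent *e;
    while ((e = readdir(d)) != NULL) {
        if (strncmp(e->d_name, HIDE_PREFIX, strlen(HIDE_PREFIX)) == 0)
            continue;               /* caller never sees this entry */
        return e;
    }
    return NULL;
}

/* View 1: the listing a tool built on libc's readdir would get. */
int list_via_readdir(const char *path, listing_t *out) {
    out->count = 0;
    DIR *d = opendir(path);
    if (!d) return -1;
    struct dirent *e;
    while ((e = hooked_readdir(d)) != NULL) add_name(out, e->d_name);
    closedir(d);
    return out->count;
}

/* Record layout the kernel writes for getdents64 (see linux/dirent.h). */
struct linux_dirent64 {
    unsigned long long d_ino;
    long long d_off;
    unsigned short d_reclen;
    unsigned char d_type;
    char d_name[];
};

/* View 2: the raw syscall, bypassing libc entirely. */
int list_via_getdents64(const char *path, listing_t *out) {
    out->count = 0;
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    union { char bytes[8192]; long long align; } buf;  /* keep records aligned */
    for (;;) {
        long n = syscall(SYS_getdents64, fd, buf.bytes, sizeof buf.bytes);
        if (n <= 0) break;
        for (long off = 0; off < n;) {
            struct linux_dirent64 *e = (struct linux_dirent64 *)(buf.bytes + off);
            add_name(out, e->d_name);
            off += e->d_reclen;
        }
    }
    close(fd);
    return out->count;
}

/* Cross-view diff: names the kernel reports that the libc path does not.
 * Returns how many were found and copies them into `hidden`. */
int find_hidden_entries(const char *path, listing_t *hidden) {
    listing_t libc_view, raw_view;
    hidden->count = 0;
    if (list_via_readdir(path, &libc_view) < 0) return -1;
    if (list_via_getdents64(path, &raw_view) < 0) return -1;
    for (int i = 0; i < raw_view.count; i++) {
        int seen = 0;
        for (int j = 0; j < libc_view.count && !seen; j++)
            seen = strcmp(raw_view.names[i], libc_view.names[j]) == 0;
        if (!seen) add_name(hidden, raw_view.names[i]);
    }
    return hidden->count;
}

static int touch(const char *path) {
    int fd = open(path, O_WRONLY | O_CREAT, 0600);
    if (fd < 0) return -1;
    close(fd);
    return 0;
}

/* Constructed sample data: a scratch directory with one visible file and
 * one file whose name matches the simulated hook's hide prefix. */
const char *make_sample_dir(void) {
    static char dir[64];
    if (dir[0] == '\0') {
        snprintf(dir, sizeof dir, "/tmp/crossview_%ld", (long)getpid());
        if (mkdir(dir, 0700) != 0 && errno != EEXIST) { dir[0] = '\0'; return NULL; }
        char p[128];
        snprintf(p, sizeof p, "%s/visible.txt", dir);
        if (touch(p) != 0) return NULL;
        snprintf(p, sizeof p, "%s/hidden_implant.so", dir);
        if (touch(p) != 0) return NULL;
    }
    return dir;
}

int main(void) {
    listing_t hidden;
    int n = find_hidden_entries(make_sample_dir(), &hidden);
    printf("%d entr%s visible to getdents64 but not to readdir\n", n, n == 1 ? "y" : "ies");
    for (int i = 0; i < n; i++) printf("  %s\n", hidden.names[i]);
    return n > 0 ? 1 : 0;   /* non-zero exit = something is being hidden */
}
```

The same cross-view idea generalises: compare `ps` output against `/proc` walked with raw syscalls, or a file's size as reported by `stat` against the bytes actually readable, and any disagreement between the library view and the kernel view is worth investigating. It only catches userland interposition; a hook placed in the kernel itself lies to both views, which is why firmware and boot-chain integrity checks are still needed on an appliance.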
MIVD attributed the intrusion with high confidence to a Chinese state-sponsored actor, although it did not tie the activity to a specific named threat group. It also said the activity fits a broader pattern of Chinese political espionage directed at the Netherlands and its allies.
A few days earlier, US authorities had moved to dismantle a botnet of outdated Cisco and NETGEAR routers that Chinese threat actors were using to obscure the origin of their malicious activity.
Source: The Hacker News