China-Backed Cyber Attackers Breach 20,000 Fortinet Systems

  • By Farrukh Mushtaq

    Farrukh Mushtaq, a digital marketer at PureSquare, possesses a keen interest in cybersecurity and enjoys writing about it. With several years of experience in the digital marketing industry, he brings expertise and passion to his work.

    See author profile
  • 12 June 2024
  • 5 mins read


State-sponsored cyber attackers supported by China compromised 20,000 Fortinet FortiGate systems worldwide between 2022 and 2023 by exploiting a known critical security flaw. The campaign's reach proved far wider than was initially reported.

Targeted Entities and Impact

This campaign focused on numerous Western governments, international organizations, and many defense industry companies. However, the specific entities targeted have not been disclosed.

"The state actor behind this campaign was aware of this vulnerability in FortiGate systems at least two months before Fortinet disclosed it," stated the Dutch National Cyber Security Centre (NCSC) in a recent bulletin. 

"During this so-called zero-day period, the actor infected 14,000 devices."

These findings build on a previous advisory from February 2024, which reported that attackers had compromised a computer network used by the Dutch armed forces by exploiting CVE-2022-42475 (CVSS score: 9.8), a vulnerability that allows remote code execution.

Hidden Backdoors Planted! 

The intrusion facilitated the deployment of a backdoor named COATHANGER from a server controlled by the attackers. This backdoor was designed to provide ongoing remote access to the compromised systems and serve as a platform for additional malware.

The NCSC noted that the adversary installed the malware long after gaining initial access in order to retain control of the devices; how many victims still have infected devices remains unclear.

Beyond the Firewall: Why Edge Devices Are Vulnerable

This latest development highlights the persistent trend of cyber attacks targeting edge appliances to infiltrate high-value networks.

"Due to the security challenges of edge devices, these devices are a popular target for malicious actors," the NCSC explained. 

"Edge devices are located at the perimeter of the IT network and often have a direct internet connection. Additionally, Endpoint Detection and Response (EDR) solutions frequently do not support these devices."

Don’t Be a Target! 

Robust cybersecurity is urgently needed, especially for edge devices. While organizations work to patch vulnerabilities, individuals must also take responsibility for their digital privacy.

Regular software updates, strong passwords, and vigilance against phishing are essential practices. Multi-factor authentication and data encryption offer additional protection. Plus, use a reliable privacy management application to prioritize your privacy.