China Caught Dropping RAT Designed for FortiGate Devices

Published: 23/11/2024   Category: security




Dutch military intelligence warns that new malware, called Coathanger, was found in multiple FortiGate devices during an incident response, and that Chinese-state actors are using the persistent RAT for espionage.



The Netherlands Military Intelligence and Security Service (MIVD) is warning that it has uncovered a new malware strain, persistent and difficult to detect, being deployed by the Chinese government against an existing FortiGate flaw, and that it is part of a wider political espionage campaign.
The new remote access Trojan (RAT), called Coathanger, was used to spy on the Dutch Ministry of Defense (MOD) in 2023, according to a new advisory. During the response to the intrusion, Dutch intelligence service officials discovered the malware was being delivered through a known FortiGate flaw (CVE-2022-42475).
Fortinet's FortiGate devices provide network firewall protections.
The report stresses that Coathanger doesn't take advantage of a new zero-day exploit and is deployed as second-stage malware. However, the advisory added, Coathanger could be used along with any future FortiGate device vulnerability.
Dutch officials explained, "The Coathanger malware is stealthy and persistent. It hides itself by hooking system calls that could reveal its presence. It survives reboots and firmware upgrades."
The Coathanger malware is part of a wider campaign being waged by Chinese state-sponsored threat actors against Internet-facing edge devices including firewalls, VPN servers, and email servers, according to Dutch authorities.
"Chinese threat actors are known to perform wide and opportunistic scanning campaigns for both published (n-day) as well as unpublished (0-day) software vulnerabilities on internet-facing (edge) devices," the advisory cautioned. "They do so with a high operational tempo, sometimes abusing vulnerabilities on the day they are published."
Fortinet devices are a popular cyberattack target, so businesses should stay on top of patches: just this week, Fortinet reported two max-severity bugs in its FortiSIEM solution that required immediate patching.
Recommendations from intelligence analysts in the Netherlands to keep Coathanger at bay also include performing a regular risk analysis on edge devices, limiting Internet access on edge devices, scheduled logging analysis, and replacing any hardware no longer supported.
