Fortinet VPNs Exploited by Chinese Hackers, Over 20,000 Devices Affected

Dutch intelligence reveals widespread cyberespionage campaign targeting Fortinet customers

Chinese state-backed hackers exploited a critical vulnerability in Fortinet’s VPN appliances, infecting over 20,000 devices worldwide. The vulnerability, identified as CVE-2022-42475, allowed hackers to remotely execute malicious code and install a sophisticated backdoor called CoatHanger.

Alarmingly, Fortinet patched the vulnerability in November 2022 but waited two weeks before disclosing it. This delay left users exposed during a “zero-day” window, allowing attackers to exploit the flaw before a fix was available.

Targets Include Government Agencies and Defense Contractors

The Netherlands identified dozens of government agencies, international organizations, and defense companies among the compromised targets. While the Dutch Ministry of Defense breach was contained, the full extent of the damage remains unknown.

Patch Now and Investigate

The Dutch National Cyber Security Center (NCSC) urges organizations to prioritize patching affected Fortinet devices and investigate potential CoatHanger infections. The malware’s stealthy nature makes detection difficult, highlighting the importance of swift action.

Fortinet has not addressed the critical delay in disclosing the vulnerability. The company’s silence on its security disclosure policy raises concerns about transparency and user protection.