State-backed Chinese cyber espionage has targeted the Dutch military via Fortinet FortiGate devices.
The malware was discovered on a separate computer in the armed forces in 2023. The Military Intelligence and Security Service (MIVD) determined that a China state-sponsored actor was behind the attack.
The MIVD said it had discovered malware used by China specifically for espionage purposes. Attackers leverage a flaw in FortiGate devices to remotely connect to networks.
The Dutch military’s computer was used for unclassified research and development, the system was self-contained, and, therefore, didn’t cause any collateral damage.
“For the first time, the MIVD has chosen to make public a technical report on the working methods of Chinese hackers. It is important to attribute such espionage activities by China,” said Defense Minister Kajsa Ollongren. “In this way we increase international resilience against this type of cyber espionage.”
The malware was installed using a known vulnerability in FortiGate devices. The vulnerability CVE-2022-42475 was classified as high impact in December 2022.
Experts specified that the malware, a remote access trojan (RAT), was aimed not at gaining, but maintaining access to the network.
More from Cybernews:
Subscribe to our newsletter