Chinese state-sponsored hackers broke into an internal computer network used by the Dutch Ministry of Defence last year, the Netherlands said Tuesday.
In a rare announcement, both the country’s military (MIVD) and civilian (AIVD) security services said the ministry had been hacked for espionage purposes after the threat actor exploited a vulnerability in FortiGate devices, as first reported by Reuters.
The MIVD said it found the malware on a compartmentalized computer network used by the country’s armed forces for unclassified research and development.
“Because this system was self-contained, it did not cause damage to the Defense network,” the agency stated.
Defense Minister Kajsa Ollongren said: “For the first time, the MIVD has chosen to make public a technical report on the working methods of Chinese hackers. It is important to attribute such espionage activities by China. In this way we increase international resilience against this type of cyber espionage.”
It is not known which bug the hackers took advantage of. However, one discovered in FortiGate devices last year — tracked as CVE-2023-27997 — provoked enormous concerndue to the widespread usage of the product among government organizations.
Shortly after the vulnerability was disclosed, researchers warned there were hundreds of thousands of vulnerable interfaces exposed to the internet, nearly 70% of all of the installations online.
Christopher Glyer of the Microsoft Threat Intelligence Center questioned last year whether the same vulnerability was used in attacks by a Chinese-linked threat group tracked as Volt Typhoon that hacked critical infrastructure in Guam.
Fortinet said that it was not linking the exploit to Volt Typhoon “at this time” but warned it expected “all threat actors, including those behind the Volt Typhoon campaign, to continue to exploit unpatched vulnerabilities in widely used software and devices.”
Get more insights with the
Recorded Future
Intelligence Cloud.
No previous article
No new articles
Alexander Martin
Alexander Martin is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.