
These hackers were aware of the FortiGate vulnerability at least two months before Fortinet publicly disclosed it.

Chinese government-backed hackers successfully breached around 20,000 Fortinet FortiGate systems worldwide by exploiting a critical security vulnerability between 2022 and 2023. This breach is now known to be more extensive than initially reported. 

The Dutch National Cyber Security Centre (NCSC) stated in a recent bulletin, "These hackers were aware of the FortiGate vulnerability at least two months before Fortinet publicly disclosed it. During this zero-day window, they managed to infect 14,000 devices." 

The campaign mainly targeted numerous Western governments, international organizations, and many companies in the defense industry. However, specific names of the affected entities were not disclosed. 

These findings expand upon a previous report from February 2024, which revealed that the attackers had compromised a computer network used by the Dutch armed forces by exploiting the CVE-2022-42475 vulnerability (CVSS score: 9.8), which allows remote code execution. 

After gaining access, the hackers deployed a backdoor, codenamed COATHANGER, from a server they controlled. This backdoor provided persistent remote access to the compromised systems and acted as a launch point for further malware.

The NCSC noted that the hackers installed the malware well after their initial access to maintain long-term control over the devices. However, the exact number of infected devices remains unclear.

This incident highlights a growing trend of cyberattacks targeting edge devices to infiltrate networks. The NCSC explained, "Edge devices face significant security challenges and are frequently targeted by malicious actors. These devices are positioned at the boundary of the IT network and typically have direct internet connections. Moreover, they often lack support from Endpoint Detection and Response (EDR) solutions."
