Cyber Threat Report: 'Ministry of Defence of the Netherlands uncovers COATHANGER, a stealthy Chinese FortiGate RAT'
| Report Author | MIVD and AIVD, the Netherlands |
|---|---|
| Publication Date | 2024-02-06 |
| Original Reporting | Source |
| Attributed to Nation | China |
| Identified CVEs | CVE-2022-42475 |
| Victim Sectors | National Government, Defense |
This report by the Dutch AIVD and MIVD is a cybersecurity advisory covering activity which they attribute to Chinese threat actors. The report covers an intrusion against Netherlands' Ministry of Defence networks using malware which they refer to as COATHANGER based on a string which is present in the code. COATHANGER is a stealth and persistent remote access trojan (RAT) which specifically targets FortiGate appliances. The report highlights that vulnerable Fortinet FortiGate devices were used as an initial access vector through the exploitation of CVE-2022-42475.
Cyber Threat Graph Context
Explore how this report relates to the wider threat graph