
Chinese Hackers Breach 20,000 FortiGate Systems Worldwide

The Dutch Military Intelligence and Security Service (MIVD) has revealed that the impact of a Chinese cyber-espionage campaign is much larger than previously known. Earlier this year, the MIVD, in a joint report with the General Intelligence and Security Service (AIVD), disclosed that Chinese hackers exploited a critical vulnerability (CVE-2022-42475) in FortiOS/FortiProxy systems.

Details of the Breach

Chinese hackers used this vulnerability to deploy malware on vulnerable FortiGate network security appliances between 2022 and 2023. During the window in which the flaw was still a zero-day (that is, before a patch was available), the hackers infected 14,000 devices, targeting dozens of Western governments, international organizations, and companies within the defense industry.

The malware, known as the Coathanger remote access trojan (RAT), was also found on a Dutch Ministry of Defence network used for research and development. However, due to network segmentation, the attackers were prevented from moving to other systems.

Persistent Threat

The MIVD discovered that this previously unknown malware strain, which can survive system reboots and firmware upgrades, was deployed by a Chinese state-sponsored hacking group. This group conducted a political espionage campaign targeting the Netherlands and its allies, giving the hackers persistent access to the compromised systems.

The MIVD noted that even if a victim installs the security updates from Fortinet, the state actor can still maintain access: patching closes the initial entry point but does not remove an implant that is already in place. The extent of the breach is significant, with the MIVD estimating that the state actor could expand its access to hundreds of victims worldwide, potentially stealing data.

Widespread Impact

Since its February report, the Dutch military intelligence service has found that the Chinese threat group accessed at least 20,000 FortiGate systems worldwide in 2022 and 2023. The group was exploiting the flaw for at least two months before Fortinet disclosed CVE-2022-42475.

The Coathanger malware used in these attacks is particularly difficult to detect and remove: it intercepts system calls to hide its presence from on-device inspection and survives firmware upgrades. Fortinet disclosed in January 2023 that this vulnerability had also been exploited as a zero-day to target government organizations and related entities.

Similar Attacks

These attacks bear similarities to another Chinese hacking campaign that targeted unpatched SonicWall Secure Mobile Access (SMA) appliances with cyber-espionage malware designed to withstand firmware upgrades.
