According to the Dutch Military Intelligence Service, the attacks by the China-linked hacking group involved exploiting a zero-day vulnerability and took place in 2022 and 2023.


According to the Dutch Military Intelligence Service, attacks by a hacking group linked to China in 2022 and 2023 resulted in the compromise of at least 20,000 Fortinet FortiGate devices.

The service posted its disclosure online, which was reported by multiple media outlets on Tuesday.


According to a translation of the posting and a report by BleepingComputer, the Netherlands’ Military Intelligence and Security Service (MIVD) found that an espionage campaign by a China-linked threat actor breached at least 20,000 FortiGate firewalls worldwide over several months during 2022 and 2023.

The findings show that the campaign, which exploited a zero-day vulnerability in FortiOS and FortiProxy software, was more widespread than previously thought, the MIVD said, according to the translation and BleepingComputer.

During the campaign, according to the MIVD, 14,000 devices were compromised in the two months before Fortinet disclosed the remote code execution (RCE) vulnerability in December 2022. The agency found that Western governments, defense industry companies and international organizations were among those targeted.

CRN has reached out to Fortinet for comment.

The RCE vulnerability reportedly used in the campaign is tracked as CVE-2022-42475, and it was linked earlier this year to attacks by the China-linked threat group Volt Typhoon. US agencies said in February that Volt Typhoon is known to gain initial access to critical infrastructure IT systems by exploiting network devices from multiple vendors, including Fortinet.

In one example of a “confirmed compromise” shared by US agencies, Volt Typhoon “probably gained initial access by exploiting CVE-2022-42475 in a network perimeter FortiGate 300D firewall that had not been patched,” the agencies said at the time.

Fortinet released a blog post at the time pointing out the “need for organizations to have a robust patch management program and follow best practices to ensure a secure infrastructure.”

“We continue to urge customers to implement timely patching practices and continuously monitor their networks for unusual activity to help mitigate cyber risk,” Fortinet said in a statement provided to CRN in February.
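The patching advice above is only actionable if an operator can tell whether a given FortiGate or FortiProxy build is actually below the fixed version for CVE-2022-42475, and the fix landed separately in each release branch (7.0.9 is patched while 7.2.0 is not), so a naive "is my version newer?" comparison gives the wrong answer. The following branch-aware check is an added example, not code from CRN, the MIVD, Fortinet or the US agencies cited in the article. The fixed-version table is transcribed from Fortinet advisory FG-IR-22-398 as the author recalls it and should be verified against the current advisory before use; the sample `get system status` output is constructed for this example.

```python
"""Branch-aware check of a FortiOS/FortiProxy version against the fixed
versions for CVE-2022-42475 (Fortinet advisory FG-IR-22-398).

Added example, not code from the article or from Fortinet. The FIXED table
is transcribed from FG-IR-22-398 as recalled; verify it against the current
advisory. The sample device output below is constructed, not captured.
"""
import re

# Assumed minimum fixed version per release branch (from FG-IR-22-398, as
# recalled). A release below its branch's fixed version is vulnerable; a
# branch not listed is reported as unknown rather than assumed safe.
FIXED = {
    "FortiOS": {
        (7, 2): (7, 2, 3),
        (7, 0): (7, 0, 9),
        (6, 4): (6, 4, 11),
        (6, 2): (6, 2, 12),
        (6, 0): (6, 0, 16),
    },
    "FortiProxy": {
        (7, 2): (7, 2, 2),
        (7, 0): (7, 0, 8),
        (2, 0): (2, 0, 12),
    },
}

# Matches the "Version:" line printed by `get system status`, e.g.
#   Version: FortiGate-300D v7.0.8,build0418,221101 (GA)
VERSION_RE = re.compile(
    r"^Version:\s*(?P<platform>\S+)\s+v(?P<maj>\d+)\.(?P<min>\d+)\.(?P<patch>\d+)",
    re.MULTILINE,
)


def parse_version(status_output: str):
    """Return (product, (major, minor, patch)) from `get system status` text."""
    m = VERSION_RE.search(status_output)
    if not m:
        raise ValueError("no 'Version:' line found in status output")
    platform = m.group("platform")
    product = "FortiProxy" if platform.startswith("FortiProxy") else "FortiOS"
    return product, (int(m.group("maj")), int(m.group("min")), int(m.group("patch")))


def assess(product: str, version: tuple) -> str:
    """Classify a version as 'vulnerable', 'fixed' or 'unknown' for CVE-2022-42475.

    The comparison is done within the device's own release branch, because
    each branch received its fix at a different patch level.
    """
    branch = version[:2]
    fixed = FIXED.get(product, {}).get(branch)
    if fixed is None:
        return "unknown"
    return "fixed" if version >= fixed else "vulnerable"


def check_status(status_output: str) -> str:
    """Parse raw `get system status` output and return the assessment."""
    product, version = parse_version(status_output)
    return assess(product, version)


# Constructed sample: what an unpatched FortiGate 300D (the model named in the
# US advisory) could have reported before the December 2022 fix was applied.
SAMPLE_STATUS = """\
Version: FortiGate-300D v7.0.8,build0418,221101 (GA)
Serial-Number: FG300D0000000000
System time: Thu Dec  1 10:15:22 2022
"""

if __name__ == "__main__":
    print(check_status(SAMPLE_STATUS))  # vulnerable
```

Paste the output of `get system status` from each firewall into `check_status`; anything reported as `unknown` is a branch the table does not cover and needs a manual look at the advisory rather than being treated as safe.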
