According to the Dutch government, China's state hackers compromised Fortinet VPN appliances through a recently discovered vulnerability that had not been disclosed. The massive hack affected 20,000 of Fortinet's VPN appliances. The Chinese hackers remotely executed powerful malicious code on the devices.

Over a two-year span, the company knew about the vulnerability and claimed to have fixed it, but kept it secret, while China's hackers used the CoatHanger malware for the attack.

Fortinet VPN Hacked by China State Hackers, Over 20,000 Affected

A new report from the Netherlands' Military Intelligence and Security Service (MIVD) and the General Intelligence and Security Service (AIVD) revealed the massive attack by Chinese state hackers against Fortinet VPN. The agencies said that over several months in 2022 and 2023, the threat actors accessed at least 20,000 FortiGate systems worldwide.

It was revealed that the threat actors were already aware of this vulnerability two months before Fortinet acknowledged the problem.

The attack centers on a heap-based buffer overflow vulnerability, CVE-2022-42475, that can be exploited remotely to execute arbitrary code. Fortinet acknowledged it, classified it under CWE-122, and rated its severity 'Critical'.

Fortinet fixed the vulnerability in November but disclosed it two weeks later, in December 2022, yet attacks still took place in 2023.

Netherlands Government: CoatHanger Backdoor

The Dutch government determined that the malware, dubbed CoatHanger, was aimed at Fortinet's vulnerability and enabled a complex and significant attack against the vulnerable systems.

According to the Netherlands' report, 14,000 devices were infected during the zero-day period of the attack alone. The malware could get in through the vulnerability, remain on the device permanently despite reboots or updates, and evade detection.

VPN Hacks and Vulnerabilities

Virtual Private Network apps and systems have been the go-to for accessing geo-restricted content and hiding one's activity while surfing the web. They are an important tool in an age when information can be easily taken. However, there have been worries that VPN use makes users vulnerable to malicious actions, including surveillance and data access.

Previously, there was a VPN fiasco on iOS, and security researchers had already warned Apple about that vulnerability. The problem lasted two years, starting in 2022.

Many VPN companies have looked into boosting their security, with PureVPN previously introducing its quantum-resistant encryption keys, which are available for those using quantum computers.

Many people try to protect their online activity, data, and information on the web by using VPN platforms and services, but not all of these are secure or immune to being hacked. The recent problem with Fortinet has been going on for years, with MIVD investigating the China-backed CoatHanger for its attack on Fortinet from 2022 to 2023.

Isaiah Richard

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.