Fortinet VPN Hacked by China, Over 20,000 Affected Says Netherlands Government

A massive VPN attack was done by Chinese state hackers.

According to the Dutch government, China's state hackers hacked the Fortinet VPN via an undisclosed vulnerability that was recently discovered. The massive hack affected 20,000 of Fortinet's VPN appliances. Chinese hackers executed hostile code known for its significant power remotely.

In two years, the company knew about the vulnerability and claimed to have fixed it, but it was kept secret, with China's hacker using CoatHanger for the attack.

Fortinet VPN Hacked by China State Hackers, Over 20,000 Affected

A new report from the Netherlands' Military Intelligence and Security Service (MIVD) and the General Intelligence and Security Service (AIVD) revealed the massive attack by Chinese state hackers against Fortinet VPN. The agencies claimed that in several months in 2022 and 2023, bad actors accessed at least 20,000 FortiGate systems worldwide.

VPN Hack
Kevin Ku from Unsplash

It was revealed that the threat actors were already aware of this vulnerability two months before Fortinet acknowledged the problem.

This centers on a heap-based buffer overflow vulnerability, CVE-2022-42475, that can be remotely launched to execute arbitrary code. Fortinet acknowledged this and dubbed it the CWE-122, labeled with 'Critical' severity.

Fortinet fixed the vulnerability in November but disclosed it two weeks later, in December 2022, yet there was still an attack in 2023.

Netherlands Government: CoatHanger Backdoor

The Dutch government determined the malware dubbed CoatHanger to be aimed at Fortinet's vulnerability, which brought a complex and significant attack against the vulnerable systems.

According to the Netherlands' report, during the zero-day period of the attack, it infected 14,000 devices alone. It could enter through the backdoor vulnerability, live permanently on the device despite rebooting or updating, and escape detection.

VPN Hacks and Vulnerabilities

Virtual Private Network apps and systems have been the go-to for accessing geo-restricted content and hiding one's activity while surfing the web. This is an important tool in this day and age when information can be easily taken. However, there have been worries that VPN use makes users vulnerable to malicious actions, including surveillance and data access.

Previously, there was a VPN fiasco at iOS, and security researchers had already warned Apple about this vulnerability. The problem lasted two years, starting in 2022.

Many VPN companies have looked into boosting their security, with PureVPN previously introducing its quantum-resistant encryption keys, which are available for those using quantum computers.

Many people look to protect their online activity, data, and information on the web by using VPN platforms and services, but not all are secure and immune to getting hacked. The recent problem by Fortinet has been going on for years, with MIVD investigating the China-backed CoatHanger for its attack on Fortinet from 2022 to 2023.

Isaiah Richard
Tech Times
ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics