Consider Cybersecurity topics, authors and tags that you are interested in when trying to search. You can also enter your own custom search criteria. You can also select a topic or syndication source below to filter all the blog posts.
February 15, 2024 at 5:07 p.m.
The Central Arkansas Library System and independent third parties are investigating “unexpected activity” that shut down its Internet network and forced CALS to keep the IT and all connected systems offline for the last 10 days, a library official confirmed Thursday.
The
Chinese state-backed hackers broke into a computer network that’s used by the Dutch armed forces by targeting Fortinet FortiGate devices.
“This [computer network] was used for unclassified research and development (R&D),” the Dutch Military Intelligence and Security Service (MIVD) said in a statement. “Because this system was self-contained, it did not lead to any damage to the defense network.” The network had less than 50 users.
The intrusion, which took place in 2023, leveraged a known critical security flaw in FortiOS SSL-VPN (CVE-2022-42475, CVSS score: 9.3) that allows an unauthenticated attacker to execute arbitrary code via specially crafted requests.
Successful exploitation of the flaw paved the way for the deployment of a backdoor dubbed COATHANGER from an actor-controlled server that’s designed to grant persistent remote access to the compromised appliances.
“The COATHANGER malware is stealthy and persistent,” the Dutch National Cyber Security Centre (NCSC) said. “It hides itself by hooking system calls that could reveal its presence. It survives reboots and firmware upgrades.”
COATHANGER is distinct from BOLDMOVE, another backdoor linked to a suspected China-based threat actor that’s known to have exploited CVE-2022-42475 as a zero-day in attacks targeting a European government entity and a managed service provider (MSP) located in Africa as early as October 2022.
The development marks the first time the Netherlands has publicly attributed a cyber espionage campaign to China. Reuters, which broke the story, said the malware is named after a code snippet that contained a line from Lamb to the Slaughter, a short story by British author Roald Dahl.
It also arrives days after U.S. authorities took steps to dismantle a botnet comprising out-of-date Cisco and NETGEAR routers that were used by Chinese threat actors like Volt Typhoon to conceal the origins of malicious traffic.
Last year, Google-owned Mandiant revealed that a China-nexus cyber espionage group tracked as UNC3886 exploited zero-days in Fortinet appliances to deploy THINCRUST and CASTLETAP implants for executing arbitrary commands received from a…
By Christopher Bing and Karen Freifeld
(Reuters) – The U.S. government in recent months launched an operation to fight a pervasive Chinese hacking operation that successfully compromised thousands of internet-connected devices, according to two Western security officials and one person familiar with the matter.
The Justice Department and Federal Bureau of Investigation sought and received legal authorization to remotely disable aspects of the Chinese hacking campaign, the sources told Reuters.
Known as Volt Typhoon, the malicious cyber activity has alarmed intelligence officials who say it is part of a larger effort to compromise Western critical infrastructure, including naval ports, internet service providers and utilities.
Such breaches could enable China, national security experts said, to remotely disrupt important facilities in the Indo-Pacific region that in some form support or service U.S. military operations.
A Justice Department spokesperson declined to comment. A spokesperson for the FBI and the Chinese embassy in Washington did not immediately respond to a request for comment.
When Western nations first warned about Volt Typhoon in May, Chinese foreign ministry spokesperson Mao Ning said the hacking allegations were a “collective disinformation campaign” from the Five Eyes countries, a reference to the intelligence sharing grouping of countries made up of the United States, Canada, New Zealand, Australia and the UK.
(Reporting by Christopher Bing in Washington and Karen Freifeld in New York; Editing by Chris Sanders and Lisa Shumaker)