News item | 06-02-2024 | 16:03
The Military Intelligence and Security Service (MIVD) has exposed Chinese cyber espionage in the Netherlands. The agency discovered advanced Chinese malware that makes this possible. A Chinese state actor is responsible for this. The MIVD determines this based on its own intelligence.
China uses this type of malware for espionage on computer networks. The malware is used in systems (FortiGate) of the Fortinet company. Allows computer users to work remotely. Fortinet provides this cybersecurity worldwide.
The MIVD found the malware on a separate computer network in the armed forces last year. This was used for unclassified Research and Development (R&D). Because this system was self-contained, it did not cause damage to the Defense network.
“For the first time, the MIVD has chosen to make public a technical report on the working methods of Chinese hackers. It is important to attribute such espionage activities by China,” said Defense Minister Kajsa Ollongren. “In this way we increase international resilience against this type of cyber espionage.”
The MIVD shares information about the incident and the characteristics of the malware on the website of the National Cyber Security Center (NCSC). This allows users of the FortiGate system to determine whether they have become a victim. They can also take measures to defend themselves.
Backdoor
The malware found installed a ‘backdoor’ by taking advantage of a known vulnerability in FortiGate devices. The MIVD publication therefore does not describe any new vulnerability in all FortiGate devices.
Information for users
The MIVD asks organizations that find this malware to report to the NCSC. This way, the Chinese espionage campaign can be countered.