DailyPost 2817

If we ever thought that ransomware attacks are the be-all and end-all of cyber attacks, then whatever their gravity, we may still be way off. Proactive cyber actions, hacks that can put independent nations at risk, would certainly send a chill down anyone's spine. Cyber espionage is one such area; its length and breadth remain unknown. It is an ongoing battle of attrition; how the delicate balance of international power play is maintained is beyond the imagination of the people who actually do it. Undeniably it happens, happens in a big way, and is not going to go down.

Cyber espionage as a threat and challenge has to be accepted as part and parcel of the rules-based international order, even as it tries to break that order at its seams. The latest headline blares, "Chinese hackers breached 20,000 FortiGate systems worldwide." It was Dutch Military Intelligence that revealed that the impact of the Chinese espionage campaign unveiled earlier this year is "much much larger than previously known." Their joint report said that the Chinese hackers exploited a critical FortiOS/FortiProxy remote code execution vulnerability to deploy malware on vulnerable FortiGate network security appliances.

The months during which this malware was being deployed can be termed the 'zero-day' period. In this time alone the actor infected 14,000 devices. The targets have been very high profile from an espionage point of view: dozens of Western governments, international organisations and a large number of companies within the defence industry. In these attacks the Coathanger remote access trojan (RAT) malware was used. The Dutch Ministry of Defence network was also a target. This network is used for research and development of unclassified projects. Thanks to segmentation, the hackers' movement into other areas could be blocked.

The malware strain was previously unknown. It can survive system reboots and firmware upgrades; real military grade, so to say. It was part of a political espionage campaign targeting the Netherlands. The breach gave the state actor permanent access to the systems, access that would continue even if the victim installed security updates from FortiGate. It is unknown how many victims actually have the malware installed. The state actor could also expand this access to hundreds of victims worldwide. How easy would it then be to break every barrier? Sovereignty in that case remains just a legal veil. It is said the Chinese threat group obtained access to at least 20,000 FortiGate systems worldwide.

Sanjay Sahay

Have a nice evening.
