In a revelation that adds yet another chapter to the ongoing saga of international cybersecurity threats, the Dutch Ministry of Defense recently shed light on a significant security breach.
The ministry confirmed reports that state-sponsored Chinese hackers had infiltrated an internal computer network it uses.
The official joint message from the military (MIVD) and civilian (AIVD) security services stated that the hackers exploited a vulnerability in the popular FortiGate devices to gain unauthorized access to the ministry's network. Subsequent espionage was aimed at an isolated network used by the armed forces for unclassified research and development.
However, the potential damage was minimized due to the isolated nature of the compromised system. "Because this system was self-contained, it did not cause damage to the Defence network," the agency reassured, illustrating the importance of cybersecurity measures for all organizations with sensitive data.
Defence Minister Kajsa Ollongren observed that this was the first time the MIVD had published a technical report on the working methods of Chinese hackers. Arguing for greater transparency in tackling cybersecurity threats, Ollongren stated, “It is important to attribute such espionage activities by China. In this way, we increase international resilience against this type of cyber espionage.”
Which bug allowed the hackers to breach the system has yet to be disclosed. However, a vulnerability discovered last year in the globally prevalent FortiGate devices, tracked as CVE-2023-27997, led to a major international security alert. Because these devices are widely used by government organizations worldwide, the potential risks were substantial.
After the vulnerability came to light, cybersecurity researchers warned that hundreds of thousands of vulnerable interfaces were exposed to the internet, making up about 70% of these device installations online.
The Chinese hackers' activities provoked speculation about links to other cyber threat groups. For example, Christopher Glyer of the Microsoft Threat Intelligence Center last year raised the question of whether this bug was being exploited by Volt Typhoon, a Chinese-affiliated threat group known for breaching critical infrastructure in Guam.
However, Fortinet declined to link the exploit to Volt Typhoon for now, stating, “we expect all threat actors, including those behind the Volt Typhoon campaign, to continue to exploit unpatched vulnerabilities in widely used software and devices.”
This incident, one among many such global cyber threats, highlights the urgency with which governments need to review their cybersecurity protocols and invest in new-school security awareness training. It also demonstrates how essential it has become for nations to work together against the relentless wave of cyber espionage operations.
The Record has the full story.