China’s Spies Hacked NATO Ally’s Defenses, Official Says

Hackers backed by the Chinese government infiltrated a Dutch military network last year, Dutch authorities said Tuesday.

The cyber spies planted malicious software, or malware, within an armed forces network used for unclassified research and development, the country’s military intelligence agency said in a report.

The attack comes amid friction between the NATO ally and Beijing, not least because Dutch firm ASML, the only company in the world producing the lithography machines key to manufacturing advanced semiconductors, is enforcing the U.S.’ ban on high-tech machinery exports to China.

“The Military Intelligence and Security Service (MIVD) has exposed Chinese cyberespionage in the Netherlands. The service discovered sophisticated Chinese malware that makes this possible. A Chinese state actor is responsible for this. The MIVD determines this on the basis of its own information,” the report said.

Director of the Dutch Military Intelligence and Security Service, Major General Jan Swillens, left, and Director General of the General Intelligence and Security Service, Erik Akerboom, center, are seen in The Hague in the Netherlands on February 20, 2023. The MIVD has reported it uncovered a hacking operation by Chinese state-backed actors.

The Dutch defense ministry did not immediately return Newsweek’s written request for comment.

The MIVD said the malware was of a type known to be employed by China for espionage.

“The malware found installed ‘a backdoor’ by exploiting a known vulnerability in FortiGate devices,” per the report. FortiGate is a widely used network security system developed by Sunnydale, California-based cybersecurity company Fortinet.

Because the infected system was self-contained, however, there was no damage to the defense network, the agency said.

“For the first time, the MIVD has chosen to publish a technical report on the working methods of Chinese hackers. It is important to attribute such espionage activities by China,” the report quoted Dutch Defense Minister Kajsa Ollongren as saying. “In this way, we increase international resilience against this type of cyberespionage.”

“China always firmly opposes and cracks down on cyber-attacks in all forms in accordance with the law,” the Chinese embassy in the Netherlands said in a press statement Thursday. “We will not allow any country or individual using Chinese infrastructure to engage in such illegal activities.”

Calling cybersecurity a universal challenge that the country will address “through dialogue and cooperation,” the embassy said: “China opposes any malicious speculations and groundless accusations.”

In a separate report, the MIVD said the attack “fits within a broader trend,” seen by it and partnered organizations.

“Edge devices” accessible by the public, such as firewalls like FortiGate, routers, and VPN and email servers, are particularly vulnerable because they sit at the periphery, or “edge,” of networks and thus often escape detection by cybersecurity systems.

Last week, the FBI said it had thwarted an attempt by a Chinese state-backed hacking ring to conceal preparations for attacks against “critical [U.S.] infrastructure.”

The cyber criminals, known collectively as Volt Typhoon, had infected small office/home office (SOHO) routers with botnet malware, which enables the planters to give commands to a whole network of computers without their owners’ knowledge.