Hackers Compromise 20k FortiGate Systems

At the beginning of 2024, there were reports of Chinese threat actors targeting FortiGate systems with COATHANGER malware.

However, it has been discovered that the Chinese cyber espionage campaign had much more extensive capabilities than before. 


The Military Intelligence and Security Service (MIVD) and the General Intelligence and Security Service (AIVD) have released a security advisory stating that Chinese state actors have been abusing vulnerabilities in edge devices to gain additional capabilities and activities.

20K FortiGate Systems Compromised

According to the reports shared with Cyber Security News, the COATHANGER malware campaign was further investigated, which revealed that the threat actor had gained access to at least 20,000 FortiGate systems worldwide, including dozens of governments, international organizations, and a large number of companies within the defense industry.

With ANYRUN You can Analyze any URL, Files & Email for Malicious Activity : Start your Analysis

The threat actor infiltrated these devices in just a few months in 2022 and 2023 via the CVE-2022-42475 vulnerability.

Further, it has been found that the threat actor knew about this vulnerability for at least two months before its disclosure.

During this zero-day period, the threat actor has infected malware in over 14,000 devices. 

It is still unknown how many targets are affected to date.

In addition, even if a victim of this campaign tries to install security updates on the FortiGate systems, the threat actor still has access to them.

This concluded that the Chinese nation-state actor still has access to a large number of victim systems.


To mitigate this threat actor, the NCSC (Nationaal Cyber Security Centrum) has recommended that organizations apply the “assume breach” principle, which gives the impression that there has already been a breach. 

Additionally, multiple mitigation measures such as segmentation, detection, incident response plans, and forensic readiness can be taken to limit the damage and impact.

Looking for Full Data Breach Protection? Try Cynet's All-in-One Cybersecurity Platform for MSPs: Try Free Demo 

Eswar is a Cyber security reporter with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is reporting data breach, Privacy and APT Threats.