Thursday, July 31, 2025

Situational Awareness for the Global Security Professional

Chinese ‘COATHANGER’ Espionage Expands Further

COATHANGER Malware Expands Espionage Campaign

Summary:

The COATHANGER malware, attributed to a state actor, has been used in a broader espionage campaign than initially recognized, impacting at least 20,000 FortiGate systems globally in 2022 and 2023. The malware exploited the CVE-2022-42475 vulnerability in FortiOS, FortiGate’s operating system, before Fortinet disclosed the issue. Targets included Western governments, international organizations, and defense industry companies. Despite Fortinet releasing patches, the malware maintained access to compromised systems. The Dutch National Cyber Security Centre (NCSC) has issued an advisory on managing edge devices, emphasizing the "assume breach" principle and recommending measures like segmentation, detection, and forensic readiness to mitigate future risks.
