Dutch intelligence finds Chinese hackers spying on secret Defence Ministry network



Chinese state-sponsored hackers successfully infiltrated an internal computer network used by the Dutch Ministry of Defence last year, according to an announcement made by the Netherlands on Tuesday. In an unusual disclosure, both the country’s military (MIVD) and civilian (AIVD) security services revealed that the ministry had been hacked for espionage purposes by attackers who exploited a vulnerability in FortiGate devices, as initially reported by Reuters.

The MIVD reported the discovery of malware within a segmented computer network dedicated to unclassified research and development for the country’s armed forces. The agency clarified that because this system was self-contained, the intrusion did not cause damage to the Defence network.

Defense Minister Kajsa Ollongren emphasized the significance of attributing such cyber espionage activities to China, stating, “For the first time, the MIVD has chosen to make public a technical report on the working methods of Chinese hackers. It is important to attribute such espionage activities by China. In this way, we increase international resilience against this type of cyber espionage.”

The specific vulnerability exploited by the hackers remains undisclosed. However, a FortiGate device bug discovered last year, identified as CVE-2023-27997, raised concerns because the product is widely used within government organizations. Following the disclosure of this vulnerability, researchers cautioned that hundreds of thousands of internet-exposed interfaces were vulnerable, accounting for nearly 70% of all installations online.

Christopher Glyer from the Microsoft Threat Intelligence Center questioned last year whether the same vulnerability was leveraged in attacks by a Chinese-linked threat group known as Volt Typhoon, which targeted critical infrastructure in Guam.

Fortinet, the company behind FortiGate devices, stated that it was not currently associating the exploit with Volt Typhoon but cautioned that it anticipated “all threat actors, including those behind the Volt Typhoon campaign, to continue to exploit unpatched vulnerabilities in widely used software and devices.”