The Netherlands has discovered malicious cyber activity against the armed forces’ computer networks involving Chinese spies.
The country’s Military Intelligence and Security Service (MIVD) said that the attacks were facilitated through malware that China deployed on the Dutch military’s FortiGate software.
FortiGate is developed by California-based cybersecurity company Fortinet and is offered internationally.
Alongside firewall protection, FortiGate offers remote access between activated devices linked on the same network.
According to the MIVD’s analysis, the Chinese malware was identified as a Remote Access Trojan, or RAT, a type of malware used to infect a network or to produce other malware for exploitation schemes.
A RAT serves as a “backdoor” that lets threat actors penetrate victims’ critical infrastructure, steal their sensitive data, or control their digital platforms.
The agency wrote that the malware was found in 2023 on a computer network used for unclassified research and development programs. The MIVD suspected the malware was leveraged to target known vulnerabilities in FortiGate devices.
“This RAT is a targeted persistent malware that operates outside of traditional detection measures and is specifically designed for FortiGate devices,” a statement from the MIVD said.
“Another feature is that this malware is not aimed at gaining access to systems but at maintaining access. Initial access was gained by exploiting the FortiGate vulnerability.”
After the investigation, the MIVD confirmed that the malware did not introduce new vulnerabilities across the network.
The system was self-contained and did not cause damage to the digital architecture across the Ministry of Defense networks, the agency added.
“For the first time, the MIVD has chosen to make public a technical report on the working methods of Chinese hackers,” Dutch Defense Minister Kajsa Ollongren stated.
“It is important to attribute such espionage activities by China. In this way we increase international resilience against this type of cyber espionage.”