Coathanger

Malware updated 15 days ago (2024-11-29T14:24:41.344Z)
Download STIX
Preview STIX
Coathanger is a stealthy and persistent malware, discovered by Dutch intelligence and security services, used by Chinese hackers to infiltrate and exploit FortiGate systems. The initial intrusion began with the exploitation of CVE-2022-42475, a vulnerability in the system. According to a report issued by the Dutch General Intelligence and Security Service earlier this year, Coathanger was used as a remote access trojan (RAT) to gain control over edge devices and establish a communication channel for selected victims. It hooks system calls that could potentially reveal its presence, making it difficult to detect. The malware's sophisticated design allows it to recover after every reboot by injecting a backup of itself into the process responsible for rebooting the system. Notably, the infection survives firmware upgrades, ensuring its continued operation even when system updates are implemented. This ability to persistently maintain its presence on the infected device underscores the advanced nature of Coathanger. Dutch officials warn that the stealthy nature of Coathanger likely allows hackers to maintain access to some victims' systems. The malware was found on the network of an unidentified Western diplomatic representative, among other victims, indicating a broad range of targets. The Chinese threat actors reportedly scanned for vulnerable edge devices at scale, gaining access opportunistically and introducing Coathanger as a communication channel for select victims. The Dutch defense department has taken action against the threat, but the targeted and persistent nature of Coathanger highlights the ongoing cybersecurity risks associated with state-backed cyber espionage.
Description last updated: 2024-06-12T02:15:41.782Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Fortigate
Chinese
Backdoor
Exploit
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Vulnerabilities
To see the evidence that has resulted in these vulnerability associations, create a free account
Alias DescriptionAssociation TypeVotes
The CVE-2022-42475 Vulnerability is associated with Coathanger. The critical zero-day vulnerability, CVE-2022-42475, was discovered in FortiGate firewalls during an incident investigation by the vendor. This flaw in software design or implementation allows an unauthenticated attacker to execute arbitrary code on affected systems. The vulnerability is present in is related to
2
Source Document References
Information about the Coathanger Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more