Dutch intelligence said on Tuesday that Chinese state-backed cyber spies gained access to Dutch military networks last year, claiming this was part of a trend of Chinese political espionage against the Netherlands and its allies.
This is the first time the Netherlands has publicly attributed cyberespionage to China amid heightened national security tensions between the two countries.
Dutch Defense Minister Kaisa Ollongren said: “It is important to ensure that this type of espionage activity by China is kept in the public eye. This will increase international resilience against this type of cyber espionage activity. This is because it is useful.”
The agency, known by its Dutch acronyms “MIVD” and “AIVD,” uses malicious software, or malware, to hide its activities within a military network used by 50 people for unclassified research. announced that it had been placed.
01:37
Illegal Chinese police center in the Netherlands ordered to close immediately
Illegal Chinese police center in the Netherlands ordered to close immediately
“MIVD and AIVD emphasize that this incident did not occur in isolation but is part of a broader trend of Chinese political espionage against the Netherlands and its allies,” the report said.
The Chinese embassy in the Netherlands did not respond to a request for comment. The Chinese government regularly denies allegations of cyber espionage and says it opposes all forms of cyber attacks.
Last April, the AIVD said in its annual assessment that China poses the biggest threat to the Netherlands’ economic security, with espionage targeting high-tech companies and universities. A key target is his ASML, based in the southern city of Veldhoven, the world’s largest supplier of lithography equipment for making computer chips.
In a separate report, also from April last year, the MIVD said China was trying to illegally acquire Dutch space technology.
Strong demand for chip tools in China boosts Lam Research and ASML earnings
Strong demand for chip tools in China boosts Lam Research and ASML earnings
It was not clear from Tuesday’s report what information the hackers were trying to obtain. The damage was limited because the network was separate from the ministry’s main system, authorities said.
Reuters reported last month that the U.S. government had launched an operation to counter China’s rampant hacking operation, dubbed “Bolt Typhoon,” which had compromised thousands of internet-connected devices. It is not clear from the report whether the activities uncovered by MIVD and AIVD are related.
The malware, known as Coathanger, appeared to be able to hide its existence, at least temporarily. Officials named it after a fragment of code that includes a line from British author Roald Dahl’s short story “The Lamb and the Slaughterhouse.”
The line “She took his coat and hung it up” describes the moment before a wife murders her unsuspecting husband with a frozen leg of lamb.
Coathanger remains on the device even after updates and reboots and removes itself from virus scan results.
The report assessed with “high confidence” that both the hack and the malware were the work of “state-sponsored actors” in China.
The report said the implant was also found on the networks of Western international missions and a small number of other missions, adding: “This malware was developed specifically for FortiGate devices, which organizations use as firewalls to protect their systems. be. “
Fortinet, the maker of firewalls used around the world, did not respond to requests for comment.