Chinese Hackers Penetrated Dutch Defense Network: Report

State-backed actors gained access to the Dutch military network last year and achieved persistent access, according to a Dutch intelligence report.

Chinese state-backed attackers hacked into a Dutch defense network last year and gained persistent access, the Netherlands has acknowledged.

“It is important to ensure that espionage activities of this nature committed by China become public knowledge since this will help to increase international resilience to this type of cyber espionage,” Dutch Defense Minister Kajsa Ollongren said on Feb. 6.

The report, jointly published by the Dutch Military Intelligence and Security Service (MIVD) and the General Intelligence and Security Service (AIVD), didn’t clarify what information the hackers were trying to obtain.

The report states that damage from the breach was limited because of “network segmentation,” which separated it from the ministry’s wider network.

The affected network “had fewer than 50 users” and was used for unclassified research, they said.

While the event marks the first time that the Netherlands has publicly attributed an act of cyber espionage to China’s communist regime, the report’s phrasing suggests that it isn’t the first known incident.

“MIVD & AIVD assess with high confidence that the malicious activity was conducted by a state-sponsored actor from the People’s Republic of China. This is part of a wider trend of Chinese political espionage against the Netherlands and its allies,” the report reads.

The report acknowledges that Chinese hacking attempts occurred “with a high operational tempo.”

The Chinese Communist Party (CCP), which rules China as a single-party state, hasn’t yet responded to the incident; it routinely denies any involvement in overseas hacking campaigns.

Regardless, numerous reports have found that China-backed actors associated with both Chinese intelligence and law enforcement are behind the world’s largest online influence operations.

U.S. intelligence leaders likewise announced on Jan. 31 that they had dismantled Chinese malware known as Volt Typhoon, which had been planted on hundreds of devices and threatened vital U.S. infrastructure, including water, energy, oil, and air traffic control systems.

FBI Director Christopher Wray testified that the CCP’s intrusion into U.S. systems was unique for the extent to which it deliberately targeted civilian systems that would directly pose physical harm to U.S. citizens.

“They’re not focused just on political and military targets,” Mr. Wray said.

“Let’s be clear. Cyber threats to our critical infrastructure represent real-world threats to our physical safety.”

Similarly, the malware uncovered by Dutch intelligence—named “COATHANGER”—was used to grant China persistent access to the network after entry, effectively granting the regime the ability to exploit the network as opportunities presented themselves.

 
