The Dutch military security service, MIVD, has uncovered that a cyber espionage campaign targeting FortiGate-secured systems was significantly more extensive than initially reported. This revelation, announced on June 10, 2024, indicates that the breach affected approximately 20,000 systems in 2022 and 2023.
In February, the MIVD disclosed that Chinese malware had been detected on a standalone network within the Dutch defense ministry. This discovery was accompanied by a detailed technical report aimed at warning other organizations about the threat. The malware exploited a vulnerability in FortiGate security systems to establish a backdoor, enabling unauthorized access and data collection.
A recent statement from the Nationaal Cyber Security Centrum suggests that the scale of the hack is far greater than previously believed. The MIVD now suspects that the Chinese operatives still maintain access to some of the compromised systems. The espionage campaign reportedly targeted dozens of Western governments, international organizations, and numerous defense ministry firms.
Identifying and removing the infections has proven challenging, leading the MIVD to believe that the foreign state actor retains access to a significant number of affected systems. The difficulty in purging these infections underscores the sophistication and persistence of the cyber espionage campaign.
China has denied any involvement in the cyberattacks. In response to the February report, Chinese officials stated that the country “always firmly opposes and cracks down on cyber attacks in all forms in accordance with the law” and that they would not permit any country or individual to use Chinese infrastructure for illegal activities.
As the investigation continues, the extent of the breach and its implications for international cybersecurity remain a critical concern for the affected entities.