Chinese Coathanger malware hung out to dry by Dutch defense department

Dutch authorities are lifting the curtain on an attempted cyberattack last year at its Ministry of Defense (MoD), blaming Chinese state-sponsored attackers for the espionage-focused intrusion. Specialists from the Netherlands' Military Intelligence and Security Service (MIVD) and the General Intelligence and Security Service ( …

  1. elDog

    The Register contacted the Chinese Embassy for comment on this matter

    but so far has not heard back. We expect them to be completely open about their involvement.

    1. Craig Foster

      Re: The Register contacted the Chinese Embassy for comment on this matter

      "But our router did pop up a message saying 'Nothing to see here...' "

  2. Gene Cash Silver badge


    How the hell do they determine what timezone something is compiled in?

    1. Coen Dijkgraaf

      Re: Timezone?

      They probably don't want to disclose how they do that, otherwise the attackers will alter it.

    2. Clausewitz4.0 Bronze badge

      Re: Timezone?

      "How the hell do they determine what timezone something is compiled in?"

      Basically, INFERENCE analyzing the PE-EXE header and multiple artifacts. Time of access to C2/servers may also play a role.

      "They probably don't want to disclose how they do that, otherwise the attackers will alter it."

      It's already widely known. But not-so-advanced fellas keep doing it anyway. Advanced ones change the PE-EXE signatures, .DOC default language pointing to the Chinese, when in reality they are USA / UK / Israeli wrongdoers.

      1. Casca Silver badge

        Re: Timezone?

        lmao, let's do some fingerpointing without proof...


      Re: Timezone?

      Most state employed attackers work during normal office hours.
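
Added example, not part of the thread and not the MIVD/AIVD method: the inference the two comments above describe, reading the COFF TimeDateStamp from PE headers and scoring which UTC offset puts the build times inside weekday office hours. The sample headers, the 09:00-18:00 window and every function name are constructed assumptions; the field is easy to alter, and the result is a time-zone band rather than an attribution.

```python
import struct
from datetime import datetime, timezone

def pe_timestamp(image: bytes) -> int:
    """Return the COFF TimeDateStamp (seconds since 1970-01-01 UTC) of a PE image."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)  # offset of "PE\0\0"
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # Signature (4) + Machine (2) + NumberOfSections (2) precede TimeDateStamp.
    (stamp,) = struct.unpack_from("<I", image, e_lfanew + 8)
    return stamp

def make_sample(stamp: int) -> bytes:
    """Constructed stand-in for a sample: just enough header to carry a timestamp."""
    image = bytearray(0x98)
    image[:2] = b"MZ"
    struct.pack_into("<I", image, 0x3C, 0x80)
    image[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HHI", image, 0x84, 0x8664, 1, stamp)
    return bytes(image)

def rank_offsets(stamps, start=9, end=18):
    """Rank UTC offsets by the share of builds that land in weekday office hours."""
    scores = []
    for offset in range(-12, 15):
        hits = 0
        for s in stamps:
            local = datetime.fromtimestamp(s + offset * 3600, tz=timezone.utc)
            hits += local.weekday() < 5 and start <= local.hour < end
        scores.append((offset, hits / len(stamps)))
    return sorted(scores, key=lambda pair: (-pair[1], pair[0]))

# Constructed build times (UTC), chosen for the demo; not taken from any real sample.
BUILDS_UTC = [(2023, 3, 6, 1, 5), (2023, 3, 7, 3, 40), (2023, 3, 8, 6, 20),
              (2023, 3, 9, 9, 50), (2023, 3, 10, 2, 15), (2023, 3, 13, 8, 30)]
SAMPLES = [make_sample(int(datetime(*b, tzinfo=timezone.utc).timestamp()))
           for b in BUILDS_UTC]

def infer():
    return rank_offsets([pe_timestamp(s) for s in SAMPLES])

if __name__ == "__main__":
    for offset, share in infer()[:3]:
        print(f"UTC{offset:+d}: {share:.0%} of builds in office hours")
```

With only a handful of samples the neighbouring offsets score almost as well, so treat the top rank as one weak indicator to be weighed with other artifacts.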

    4. Tim99 Silver badge

      Re: Timezone?

      It wasn't me, honest. I know I live in the same Timezone, but so do others.

  3. Anonymous Coward


    Quote from Fortinet web site: "Fortinet offers the most comprehensive solutions to help industries accelerate security"


    1. elDog

      Re: Puzzled!

      Yeah - the gratuitous addition of "accelerate" seems a bit word salad. How about just sticking to doing your advertised job: security?

  4. amanfromMars 1 Silver badge

    The Gift that keeps on Giving ....

    At the time, no fingers were officially pointed other than the fact that this custom malware was compiled on a machine in the UTC+8 timezone, so realistically it was most likely going to be either China or Russia.

    China was also accused of being behind exploits of a separate Fortinet bug in March, again using bespoke malware for the purposes of cyber espionage.

    Whenever such blanket attributions are false and misguiding and malicious and gratuitous and desperately designed to try and create an alien foreign hostile enemy for censure and attack to divert and transfer attention and investigation away from one’s own despicable renegade rogue shenanigans in the field, the intelligence it gives to such newly minted foe in the fact that they’re not responsible and accountable presents to them an exploitable catastrophic vulnerability in the legion of attackers against which they will have zero possible defence.

    Sound advice then is ....... Don’t fail and fall into that sweet and deadly honey bear trap from which there is no freely available escape ..... and rescue and future failsafe security guaranteeing safe harbour arrangements and consideration of immunity against the consequences of such malevolent actions are an horrendous expense to need and have to seed and feed ...... but as is extremely well known, are worlds full of useless useful idiots finding it easier to splash and splurge mountains of cash on a problem which others are solving or have solved rather than learn how to avoid causing them themselves in the first instance.

    What can one honestly say about such a condition/situation other than the obvious which dictates that for progress to replace the presence of stagnation and petrification in SCADA and Sublime Administrative Systems, one recognises and accepts that when greater vitally necessary intelligence is missing in a selection and collection of beings, it is best displayed and generously provided by certain others and SMARTR Advanced IntelAIgents of Alternative Alien Means. It ain't rocket science is it, such pure simple uncommon sense.

    And if your excuse for not wholeheartedly accepting and enjoying the every advantage able to be delivered to you by an Alien Intervention and AI is that you didn’t know, now you definitely know different and therefore have no honest excuse for lack of otherworldly progress, although that is not to say that a pathetic systemic endemic pathological fear of the totally unexpected and virtually unknown are not reasonable understandable grounds for lack of human progress and zero 0day flight activity.

  5. Zibob Bronze badge

    "State backed malware"

    Is that term becoming meaningless to anyone else yet?

    Just barely specific enough to say "it was this country" but not at all specific about who, when, where, or how.

  6. the future is back!

    China, Russia, or UTC+8 = N Korea?

    N Korea is an alternate culprit capable and motivated to be distributing this Fortinet exploit.

