Coathanger is a piece of malware which has been specifically designed to persist on Fortinet’s FortiGate appliances. It has been found to have the ability to survive reboots and firmware upgrades, and its presence is difficult to detect and to remove. The Dutch Military Intelligence and Security Service found that the actor behind Coathanger had gained access to at least 20,000 FortiGate systems worldwide since 2022. The malware has been exploited by Chinese state-sponsored hackers, who used it to breach the Dutch Ministry of Defense in 2023. Currently, the only identified way of removing Coathanger from infected FortiGate devices is to format, reinstall, and reconfigure the device. 

Read more: https://www.helpnetsecurity.com/2024/06/12/coathanger-fortigate/