The Dutch military security service MIVD now says that a cyber espionage campaign first reported in February had access to some 20,000 Fortigate-secured systems in 2022 and 2023 and “appears to be much more extensive than previously known”.

In February, the MIVD admitted Chinese malware had been found on an stand-alone defence ministry network in 2023, after publishing a detailed technical report as a “warning to others”. 

The hackers exploited a Fortigate flaw to create a ‘backdoor”, through which information could be collected, the MIVD said at the time.

Monday’s statement via the Nationaal Cyber Security Centre suggests the hack was much bigger than thought, and that the MIVD suspects the Chinese still have access to some systems.

The MIVD says the Chinese espionage campaign targeted “dozens of western governments, international organisations and a large number of defence ministry firms”.

The “infections” are difficult to identify and remove, which leads the MIVD to believe it probably that the “foreign state actor” still has access to the system of a “significant” number of victims.

China has denied any involvement in the February  report, saying the country “always firmly opposes and cracks down on cyber attacks in all forms in accordance with the law.”

“We will not allow any country or individual using Chinese infrastructure to engage in such illegal activities,” the February statement said.