Chinese Hackers Exploited Recent Fortinet Flaw as 0-Day to Drop Malware
1 min read
Jan 23, 2023
A suspected China-nexus threat actor exploited a recently patched vulnerability in Fortinet FortiOS SSL-VPN as a zero-day in attacks targeting a European government entity and a managed service provider (MSP) located in Africa.
Telemetry evidence gathered by Google-owned Mandiant indicates that the exploitation occurred as early as October 2022, at least nearly two months before fixes were released.
"This incident continues China's pattern of exploiting internet facing devices, specifically those used for managed security purposes (e.g., firewalls, IPS\IDS appliances etc.)," Mandiant researchers said in a technical report.
The attacks entailed the use of a sophisticated backdoor dubbed BOLDMOVE, a Linux variant of which is specifically designed to run on Fortinet's FortiGate firewalls.
The link for this article located at The Hacker News is no longer available.
Related Articles
1 - 0 min read
Multiple Severe, Remotely Exploitable Chromium Vulns Fixed
1 - 0 min read
Remotely Exploitable Poppler DoS Bugs Fixed - Update Now!
1 - 0 min read
Critical OpenSSH RCE Bugs Fixed
1 - 0 min read
VLC DoS, Remote Code Execution Vulns Fixed
1 - 0 min read
Remotely Exploitable Bind DoS Bugs Fixed
