Attackers Crafted Custom Malware for Fortinet Zero-Day

[vtqhtr413]

Content source

https://www.darkreading.com/threat-intelligence/china-based-attacker-crafted-custom-malware-for-fortinet-zero-day

Researchers analyzing data associated with a recently disclosed zero-day vulnerability in Fortinet's FortiOS SSL-VPN technology have identified a sophisticated new backdoor specifically designed to run on Fortinet's FortiGate firewalls. The malware appears to be the work of a China-based threat actor engaged in cyber-espionage operations targeting government organizations and those working with these organizations. It is the latest example of adversaries from the country targeting firewalls, IPS, IDS, and other Internet-facing technologies that enterprises use for securing their networks, Mandiant said in a report this week. Researchers from the company came across the malware in a public repository in December and were able to tie it to the Fortinet zero-day bug (CVE-2022-42475) based on information that Fortinet released in its initial vulnerability disclosure.

Attackers Crafted Custom Malware for Fortinet Zero-Day

The "BoldMove" backdoor demonstrates a high level of knowledge of FortiOS, according to Mandiant researchers, who said the attacker appears to be based out of China.

www.darkreading.com

 

[Stopspying]

More reading on this -

Chinese hackers used recently patched FortiOS SSL-VPN flaw as a zero-day in October

An alleged Chinese threat actor was observed exploiting the recently patched CVE-2022-42475 vulnerability in FortiOS SSL-VPN. Researchers from Mandiant reported that suspected Chinese threat actors exploited the recently patched CVE-2022-42475 vulnerability in FortiOS SSL-VPN as a zero-day...

securityaffairs.com

Chinese Hackers Exploited Recent Fortinet Flaw as 0-Day to Drop Malware

Researchers are warning of a new Chinese malware called "BOLDMOVE" that exploited a recently discovered vulnerability in Fortinet's FortiOS SSL-VPN.

thehackernews.com