- Aug 17, 2017
Researchers analyzing data associated with a recently disclosed zero-day vulnerability in Fortinet's FortiOS SSL-VPN technology have identified a sophisticated new backdoor specifically designed to run on Fortinet's FortiGate firewalls. The malware appears to be the work of a China-based threat actor engaged in cyber-espionage operations targeting government organizations and those working with these organizations. It is the latest example of adversaries from the country targeting firewalls, IPS, IDS, and other Internet-facing technologies that enterprises use for securing their networks, Mandiant said in a report this week. Researchers from the company came across the malware in a public repository in December and were able to tie it to the Fortinet zero-day bug (CVE-2022-42475) based on information that Fortinet released in its initial vulnerability disclosure.
The "BoldMove" backdoor demonstrates a high level of knowledge of FortiOS, according to Mandiant researchers, who said the attacker appears to be based out of China.