In attacks against a European government organization and an African managed service provider (MSP), a suspected China-nexus threat actor exploited a recently patched Fortinet FortiOS SSL-VPN vulnerability as a zero-day.
According to telemetry data acquired by Google-owned Mandiant, the exploitation took place as early as October 2022, at least two months before patches were released.
Researchers from Mandiant claimed in a technical analysis that the event “continues China’s trend of targeting internet-facing devices, notably those used for managed security purposes (e.g., firewalls, IPS/IDS appliances, etc.).”
The attacks were carried out with a sophisticated backdoor known as BOLDMOVE, a Linux variant that has been tailored to run on Fortinet’s FortiGate firewalls.

Read the complete article: New Chinese Malware Spotted Exploiting Recent Fortinet Firewall Vulnerability.