Tag: chinesemalware

New Chinese Malware Spotted Exploiting Recent Fortinet Firewall Vulnerability
Risk, Security

New Chinese Malware Spotted Exploiting Recent Fortinet Firewall Vulnerability

In assaults against a European government organization and an African managed service provider (MSP), a suspected China-nexus threat actor used a recently fixed Fortinet FortiOS SSL-VPN vulnerability as a zero-day. The exploitation took place as early as October 2022, at least over two months before updates were made, according to telemetry data acquired by Google-owned Mandiant. Researchers from Mandiant claimed in a technical analysis that the event "continues China's trend of targeting internet-facing devices, notably those used for managed security purposes (e.g., firewalls, IPSIDS appliances, etc.)." In order to carry out the attacks, a sophisticated backdoor known as BOLD MOVE was used. This backdoor is a Linux variant that has been optimized to run on Fortinet's FortiGate ...