The attacker used the CVE-2022-41328 exploit to write files to FortiGate disks, which is outside the normal limits allowed with shell access. Custom implants show that the actor has advanced capabilities, including reverse-engineering various parts of FortiOS,” Mandiant’s report read. “The exploit requires a deep understanding of FortiOS and the underlying hardware. “The complexity of the exploit suggests an advanced actor and that it is highly targeted at governmental or government-related targets.” ![]() The attackers exploit the flaw to target large organizations, steal sensitive data, and implement file or OS corruption. Which Products Are Vulnerable?Īccording to Mandiant’s investigation, conducted in collaboration with Fortinet, multiple Fortinet products were impacted by this vulnerability, including FortiManager, FortiGate, and FortiAnalyzer. Researchers believe a threat actor with links to China accessed victim environments and deployed backdoors into Fortinet and VMware software to maintain persistence, achieved through the zero-day vulnerability, which the attacker used to deploy multiple custom malware strains on the OS. Mandiant researchers explained that the bug is a local directory traversal zero-day vulnerability present in FortiOS, tracked as CVE-2022-41328, and was patched by Fortinet earlier in March 2023. Critical Vulnerability in FortiOS Aiding Chinese Spies ![]() Mandiant believes that a group with links to China, identified as UNC3886, is exploiting this vulnerability.Īccording to the cybersecurity researchers at Google-owned Mandiant, Chinese espionage actors are suspected of exploiting a critical vulnerability in Fortinet using custom networking malware to steal credentials and retain access to the network.
0 Comments
Leave a Reply. |