Suspected Chinese Hackers Exploit Fortinet Zero-Day Vulnerability

March 16, 2023

A suspected Chinese hacking group has been linked to a series of attacks on government organizations that exploited a Fortinet zero-day vulnerability (CVE-2022-41328) to deploy malware. The flaw let the threat actors execute unauthorized code or commands on unpatched FortiGate firewall devices and use that access to drop malware payloads. Analysis showed the malware supported cyber-espionage activity, including data exfiltration, downloading and writing files on compromised devices, and opening remote shells when the device received maliciously crafted ICMP packets.
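The article notes that the implant is triggered by crafted ICMP packets arriving at an internet-facing firewall. A defender who cannot yet patch can at least triage inbound ICMP echo requests aimed at firewall management addresses and flag anything that does not look like an ordinary ping. The following is an added example, not code from the article or from Mandiant or Fortinet; the packets, the firewall address `203.0.113.1`, and the notion of "default ping payload" (the fixed patterns the Windows and Linux `ping` tools send) are constructed assumptions, and the article gives no details of the actual trigger, so the rule is a generic anomaly heuristic rather than a signature for this malware.

```python
import socket
import struct
from typing import Optional

# Constructed assumptions, not from the article: the default payloads the
# common ping tools send. Windows ping sends a 32-byte alphabet string; Linux
# ping sends 56 bytes whose tail (after a 16-byte timestamp) is 0x10..0x37.
WINDOWS_PING_PAYLOAD = b"abcdefghijklmnopqrstuvwabcdefghi"
LINUX_PING_PATTERN = bytes(range(0x10, 0x38))


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum as used by ICMP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo_request(src: str, dst: str, payload: bytes,
                       ident: int = 0x4242, seq: int = 1) -> bytes:
    """Build a raw IPv4 + ICMP echo request; used only to construct sample input."""
    header = struct.pack("!BBHHH", 8, 0, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    icmp = struct.pack("!BBHHH", 8, 0, csum, ident, seq) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + icmp


def parse_icmp(packet: bytes) -> Optional[dict]:
    """Return the fields of an IPv4/ICMP packet, or None if it is not ICMP."""
    if len(packet) < 28 or packet[9] != 1:          # protocol 1 == ICMP
        return None
    ihl = (packet[0] & 0x0F) * 4                    # IPv4 header length in bytes
    icmp = packet[ihl:]
    typ, code, csum, ident, seq = struct.unpack("!BBHHH", icmp[:8])
    # Recompute the checksum with the checksum field zeroed.
    checksum_ok = icmp_checksum(icmp[:2] + b"\x00\x00" + icmp[4:]) == csum
    return {
        "src": socket.inet_ntoa(packet[12:16]),
        "dst": socket.inet_ntoa(packet[16:20]),
        "type": typ, "code": code, "ident": ident, "seq": seq,
        "checksum_ok": checksum_ok, "payload": icmp[8:],
    }


def is_default_ping_payload(payload: bytes) -> bool:
    """True if the payload matches one of the assumed stock ping patterns."""
    if payload == WINDOWS_PING_PAYLOAD:
        return True
    return len(payload) == 56 and payload[16:] == LINUX_PING_PATTERN


def triage_echo_request(packet: bytes, firewall_ips: set) -> list:
    """Reasons (empty list if none) an inbound echo request to a firewall deserves review."""
    f = parse_icmp(packet)
    if f is None or f["type"] != 8 or f["dst"] not in firewall_ips:
        return []
    reasons = []
    if not f["checksum_ok"]:
        reasons.append("bad ICMP checksum")
    if not is_default_ping_payload(f["payload"]):
        reasons.append("payload does not match a default ping pattern")
    if len(f["payload"]) > 64:
        reasons.append("oversized payload (%d bytes)" % len(f["payload"]))
    return reasons


# Constructed samples: one ordinary Linux-style ping and one echo request
# carrying 120 bytes of non-standard data, both aimed at the assumed firewall.
FIREWALL_IPS = {"203.0.113.1"}
SAMPLE_BENIGN = build_echo_request("198.51.100.7", "203.0.113.1",
                                   b"\x00" * 16 + LINUX_PING_PATTERN)
SAMPLE_ODD = build_echo_request("198.51.100.7", "203.0.113.1", b"X" * 120)

if __name__ == "__main__":
    for name, pkt in (("benign", SAMPLE_BENIGN), ("odd", SAMPLE_ODD)):
        print(name, triage_echo_request(pkt, FIREWALL_IPS) or "no findings")
```

The heuristic deliberately ignores echo requests to non-firewall addresses so it can run over a full capture without drowning the analyst in ordinary pings; a bad checksum or a non-stock payload on a firewall address is a review prompt, not proof of compromise.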

Mandiant CTO Charles Carmakal said, "Chinese espionage operators' recent victims include DIB, government, telecoms, and technology. Given how incredibly difficult they are to find, most organizations cannot identify them on their own. It's not uncommon for Chinese campaigns to end up as multi-year intrusions." Ben Read, Head of Mandiant Cyber Espionage Analysis at Google Cloud, added, "We believe the targeting of these devices will continue to be the go-to technique for espionage groups attempting to access hard targets. This is due to their being accessible from the internet, allowing actors to control the timing of the intrusion, and, in the case of VPN devices and routers, the large number of regular inbound connections makes blending in easier."
