Initial evidence collected by Google-owned security firm Mandiant suggests that the exploitation occurred in October 2022, nearly two months before the vulnerability was patched. Targets included a government entity in Europe and a managed services provider in Africa.
According to a report published by Mandiant, the malware appears to have been created by a China-based threat actor that conducts cyber-espionage operations against individuals and groups associated with the government.
It is the most recent instance of attackers from the country attacking firewalls, IPS, IDS, and other technologies used by businesses to secure their networks that are internet-facing.
BoldMove Backdoor
The attacks involved the use of a sophisticated backdoor known as BOLDMOVE, a Linux variant created especially to run on Fortinet’s FortiGate firewalls.
The intrusion vector in question is the exploitation of CVE-2022-42475, a heap-based buffer overflow flaw in FortiOS SSL-VPN that could allow for unauthenticated remote code execution through carefully constructed requests.
Earlier this month, Fortinet revealed that the unidentified hacking groups had taken ad
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: