Security News > 2023 > January > Report: Cyberespionage threat actor exploits CVE-2022-42475 FortiOS vulnerability
In December 2022, security company Mandiant, now a Google Cloud company, identified a FortiOS malware written in C that exploited the CVE-2022-42475 FortiOS vulnerability.
The Linux version of the malware, when executed, performs a system survey and enables communications with a hardcoded command-and-control server.
SEE: The rise of Linux malware: 9 tips for securing the OSS. The system survey done by the malware collects several pieces of information, including the operating system version, the host name, network interface information, the user ID of the backdoors process and the process ID of the malware process.
Historically, the Chinese clusters of cyberespionage threat actors have always shown a particular interest in targeting network appliances and devices and their operating systems.
Chinese threat actors compromised Pulse Secure VPN appliances in the past or exploited zero-day vulnerabilities in SonicWall Email Security Product.
The compiled timestamps of the malware variants reveal a probable development of the malware in the UTC+8 time zone, which includes Australia, China, Russia, Singapore and other Eastern Asian countries, on a machine configured to display Chinese characters.
News URL
https://www.techrepublic.com/article/mandiant-report-boldmove/
Related news
- Enterprise Identity Threat Report 2024: Unveiling Hidden Threats to Corporate Identities (source)
- Intruder Launches Intel: A Free Vulnerability Intelligence Platform For Staying Ahead of the Latest Threats (source)
- PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785) (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-01-02 | CVE-2022-42475 | Out-of-bounds Write vulnerability in Fortinet Fortios A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. | 9.8 |