Security News > 2023 > January > Report: Cyberespionage threat actor exploits CVE-2022-42475 FortiOS vulnerability

In December 2022, security company Mandiant, now a Google Cloud company, identified a FortiOS malware written in C that exploited the CVE-2022-42475 FortiOS vulnerability.

The Linux version of the malware, when executed, performs a system survey and enables communications with a hardcoded command-and-control server.

SEE: The rise of Linux malware: 9 tips for securing the OSS. The system survey done by the malware collects several pieces of information, including the operating system version, the host name, network interface information, the user ID of the backdoors process and the process ID of the malware process.

Historically, the Chinese clusters of cyberespionage threat actors have always shown a particular interest in targeting network appliances and devices and their operating systems.

Chinese threat actors compromised Pulse Secure VPN appliances in the past or exploited zero-day vulnerabilities in SonicWall Email Security Product.

The compiled timestamps of the malware variants reveal a probable development of the malware in the UTC+8 time zone, which includes Australia, China, Russia, Singapore and other Eastern Asian countries, on a machine configured to display Chinese characters.

News URL

https://www.techrepublic.com/article/mandiant-report-boldmove/