Report: Cyberespionage threat actor exploits CVE-2022-42475 FortiOS vulnerability (Security News, January 2023)
In December 2022, security company Mandiant, now a Google Cloud company, identified malware targeting FortiOS, written in C, that exploited the CVE-2022-42475 FortiOS vulnerability.
The Linux version of the malware, when executed, performs a system survey and enables communications with a hardcoded command-and-control server.
The system survey performed by the malware collects several pieces of information, including the operating system version, the host name, network interface details, the user ID under which the backdoor's process runs and the process ID of the malware process.
Historically, the Chinese clusters of cyberespionage threat actors have always shown a particular interest in targeting network appliances and devices and their operating systems.
In the past, Chinese threat actors have compromised Pulse Secure VPN appliances and exploited zero-day vulnerabilities in the SonicWall Email Security product.
The compilation timestamps of the malware variants suggest that the malware was probably developed in the UTC+8 time zone, which covers Australia, China, Russia, Singapore and other East Asian countries, on a machine configured to display Chinese characters.
News URL
https://www.techrepublic.com/article/mandiant-report-boldmove/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK (CVSS)
---|---|---|---
2023-01-02 | CVE-2022-42475 | Out-of-bounds Write vulnerability in Fortinet FortiOS: a heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier, and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier, may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. | 9.8