
Report: Cyberespionage threat actor exploits CVE-2022-42475 FortiOS vulnerability
2023-01-23 20:53

In December 2022, the security company Mandiant, now part of Google Cloud, identified malware written in C that targets FortiOS and was deployed through exploitation of the CVE-2022-42475 FortiOS vulnerability.

When executed, the Linux version of the malware performs a system survey and establishes communication with a hardcoded command-and-control server.

The system survey collects several pieces of information, including the operating system version, the host name, network interface information, the user ID under which the backdoor process runs and the process ID of the malware process.

Historically, Chinese cyberespionage clusters have consistently shown a particular interest in targeting network appliances and devices and their operating systems.

Chinese threat actors have previously compromised Pulse Secure VPN appliances and exploited zero-day vulnerabilities in the SonicWall Email Security product.

The compilation timestamps of the malware variants point to development in the UTC+8 time zone, which includes Australia, China, Russia, Singapore and other East Asian countries, on a machine configured to display Chinese characters.


Related Vulnerability

2023-01-02 CVE-2022-42475: Out-of-bounds write vulnerability in Fortinet FortiOS
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.
Attack complexity: low. Vendor: Fortinet. Weakness: CWE-787.
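As an added example (not code from Mandiant, Fortinet or this page), the following check encodes the affected version ranges exactly as quoted in the advisory text above so that an inventory of FortiOS and FortiProxy SSL-VPN devices can be triaged offline. The product names and the accepted version-string formats are assumptions.

```python
from typing import Dict, List, Tuple

Version = Tuple[int, int, int]

# Inclusive (low, high) ranges copied from the advisory text on this page.
# A low bound of (0, 0, 0) encodes "X and earlier".
AFFECTED: Dict[str, List[Tuple[Version, Version]]] = {
    "FortiOS": [
        ((7, 2, 0), (7, 2, 2)),
        ((7, 0, 0), (7, 0, 8)),
        ((6, 4, 0), (6, 4, 10)),
        ((6, 2, 0), (6, 2, 11)),
        ((0, 0, 0), (6, 0, 15)),   # "6.0.15 and earlier"
    ],
    "FortiProxy": [
        ((7, 2, 0), (7, 2, 1)),
        ((0, 0, 0), (7, 0, 7)),    # "7.0.7 and earlier"
    ],
}


def parse_version(text: str) -> Version:
    """Parse strings such as '7.2.2', 'v7.0.8' or '6.4.10 build2095'
    (assumed formats) into a comparable (major, minor, patch) tuple."""
    token = text.strip().lstrip("vV").split()[0]
    parts = token.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def is_affected(product: str, version_text: str) -> bool:
    """Return True when the given product/version falls inside one of the
    advisory's affected ranges; unknown products raise rather than guess."""
    if product not in AFFECTED:
        raise ValueError(f"no advisory data for product {product!r}")
    version = parse_version(version_text)
    return any(low <= version <= high for low, high in AFFECTED[product])


def triage(inventory: List[Tuple[str, str, str]]) -> List[str]:
    """Given (hostname, product, version) rows, list hosts still exposed."""
    return [host for host, product, ver in inventory if is_affected(product, ver)]


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = [("fw-edge-1", "FortiOS", "7.2.2"), ("fw-edge-2", "FortiOS", "7.2.3"),
              ("proxy-1", "FortiProxy", "7.0.7"), ("fw-old", "FortiOS", "5.6.14")]
    print(triage(sample))
```

A version above the highest listed bound of a branch (for example 7.0.9) is reported as not affected; any version string the parser does not recognise raises instead of silently passing.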