Security News > 2023 > March > Chinese Hackers Exploit Fortinet Zero-Day Flaw for Cyber Espionage Attack
The zero-day exploitation of a now-patched medium-security flaw in the Fortinet FortiOS operating system has been linked to a suspected Chinese hacking group.
Threat intelligence firm Mandiant, which made the attribution, said the activity cluster is part of a broader campaign designed to deploy backdoors onto Fortinet and VMware solutions and maintain persistent access to victim environments.
The Google-owned threat intelligence and incident response firm is tracking the malicious operation under its uncategorized moniker UNC3886, a China-nexus threat actor.
"UNC3886 is an advanced cyber espionage group with unique capabilities in how they operate on-network as well as the tools they utilize in their campaigns," Mandiant researchers said in a technical analysis.
It's worth noting that the adversary was previously tied to another intrusion set targeting VMware ESXi and Linux vCenter servers as part of a hyperjacking campaign designed to drop backdoors such as VIRTUALPITA and VIRTUALPIE. The latest disclosure from Mandiant comes as Fortinet revealed that government entities and large organizations were victimized by an unidentified threat actor by leveraging a zero-day bug in Fortinet FortiOS software to result in data loss and OS and file corruption.
"The activity is further evidence that advanced cyber espionage threat actors are taking advantage of any technology available to persist and traverse a target environment, especially those technologies that do not support EDR solutions," Mandiant said.
News URL
https://thehackernews.com/2023/03/chinese-hackers-exploit-fortinet-zero.html
Related news
- Lazarus Hackers Exploited Windows Kernel Flaw as Zero-Day in Recent Attacks (source)
- Chinese State Hackers Target Tibetans with Supply Chain, Watering Hole Attacks (source)
- Exploit released for Fortinet RCE bug used in attacks, patch now (source)
- U.S. Charges 7 Chinese Nationals in Major 14-Year Cyber Espionage Operation (source)
- Two Chinese APT Groups Ramp Up Cyber Espionage Against ASEAN Countries (source)
- Hackers Deploy Python Backdoor in Palo Alto Zero-Day Attack (source)
- Hackers Exploit Fortinet Flaw, Deploy ScreenConnect, Metasploit in New Campaign (source)
- Russian hackers shift to cloud attacks, US and allies warn (source)
- Hackers exploit 14-year-old CMS editor on govt, edu sites for SEO poisoning (source)
- Russian hackers hijack Ubiquiti routers to launch stealthy attacks (source)