Security News > 2023 > March > Chinese Hackers Exploit Fortinet Zero-Day Flaw for Cyber Espionage Attack

Chinese Hackers Exploit Fortinet Zero-Day Flaw for Cyber Espionage Attack
2023-03-18 11:30

The zero-day exploitation of a now-patched medium-security flaw in the Fortinet FortiOS operating system has been linked to a suspected Chinese hacking group.

Threat intelligence firm Mandiant, which made the attribution, said the activity cluster is part of a broader campaign designed to deploy backdoors onto Fortinet and VMware solutions and maintain persistent access to victim environments.

The Google-owned threat intelligence and incident response firm is tracking the malicious operation under its uncategorized moniker UNC3886, a China-nexus threat actor.

"UNC3886 is an advanced cyber espionage group with unique capabilities in how they operate on-network as well as the tools they utilize in their campaigns," Mandiant researchers said in a technical analysis.

It's worth noting that the adversary was previously tied to another intrusion set targeting VMware ESXi and Linux vCenter servers as part of a hyperjacking campaign designed to drop backdoors such as VIRTUALPITA and VIRTUALPIE. The latest disclosure from Mandiant comes as Fortinet revealed that government entities and large organizations were victimized by an unidentified threat actor by leveraging a zero-day bug in Fortinet FortiOS software to result in data loss and OS and file corruption.

"The activity is further evidence that advanced cyber espionage threat actors are taking advantage of any technology available to persist and traverse a target environment, especially those technologies that do not support EDR solutions," Mandiant said.

News URL

Related vendor

Fortinet 154 53 321 96 51 521