Mandiant researchers have determined that a recent Fortinet vulnerability was exploited as a 0-day
January 23 2023


Mandiant researchers have determined that a recent Fortinet vulnerability was exploited as a 0-day for malware delivery in October 2022, almost two months before the patch release.

The researchers suspect the actor has ties to the PRC, believing that the incident continues the established practice of Chinese APT groups of targeting Internet-facing devices, especially those used for managed security (for example, firewalls, IPS/IDS devices, etc.).

The attacker exploited a vulnerability in Fortinet FortiOS SSL-VPN in attacks on an unnamed European government agency and a managed service provider (MSP) in Africa.

During the attacks, the actor used a complex backdoor, named BOLDMOVE, the Linux version of which is specially designed to work on FortiGate firewalls.

The suspected intrusion vector is the exploitation of a heap-based buffer overflow vulnerability in FortiOS SSL-VPN (CVE-2022-42475), which can lead to unauthenticated remote code execution via specially crafted requests.

Earlier this month, Fortinet also reported that an unidentified APT had attempted to exploit this flaw in attacks on governments and other large organizations, using a generic Linux implant that delivers additional payloads and executes commands received from a C2 server.

The latest Mandiant data shows that the attacker managed to use the vulnerability as a 0-day to its advantage and compromise target networks for espionage operations.

With BOLDMOVE, attackers have developed not only an exploit, but also malware that demonstrates a deep understanding of systems, services, logging and undocumented proprietary formats.

The malware is written in C and has variants for both Windows and Linux, with the latter able to read data from a file format proprietary to Fortinet.

Analysis of the metadata of the Windows version of the backdoor shows that it was compiled back in 2021, although no samples of it have been found in the wild.

BOLDMOVE is designed to analyze the system and is able to receive commands from C2, which, in turn, allows attackers to perform operations with files, launch a remote shell and relay traffic through an infected host.

The advanced malware sample for Linux comes with additional features to disable and manage logging functions in an attempt to avoid detection, which is confirmed by the Fortinet report.


Publication information:

  • Author: AdequateSchizo
  • Date of publication: 23 January 2023 12:42
  • Category: Information security
