Government organizations and other government-related targets had their networks compromised in attacks exploiting a now-patched FortiOS SSL-VPN flaw, tracked as CVE-2022-42475, that was abused as a zero-day before the fix shipped, BleepingComputer reports.
Fortinet attributes the operation to a sophisticated actor, citing the complexity of the exploit in its report.
"The discovered Windows sample attributed to the attacker displayed artifacts of having been compiled on a machine in the UTC+8 timezone, which includes Australia, China, Russia, Singapore, and other Eastern Asian countries," said researchers.
The attackers used the flaw to install malware built to remove FortiOS log entries or kill the device's logging processes, covering their tracks on the compromised appliance.
"The malware can manipulate log files. It searches for elog files, which are logs of events in FortiOS. After decompressing them in memory, it searches for a string the attacker specifies, deletes it, and reconstructs the logs," said Fortinet.
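The log-scrubbing behaviour Fortinet describes above, together with two checks that catch it, as an added example that is not part of the original article or of Fortinet's analysis. The FortiOS elog format is not described on this page, so a gzip-compressed text log whose entries carry a sequence number is a constructed stand-in; the function names and the sample entries are assumptions made for the example.

```python
import gzip
import re

# Constructed sample event log (not a real FortiOS elog; the format is a stand-in).
# Each entry carries a monotonically increasing sequence number.
SAMPLE_LOG = "\n".join([
    'seq=101 ts=2022-12-01T10:00:01Z msg="sslvpn login user=alice srcip=198.51.100.7"',
    'seq=102 ts=2022-12-01T10:00:09Z msg="sslvpn login user=bob srcip=203.0.113.20"',
    'seq=103 ts=2022-12-01T10:00:15Z msg="sslvpn tunnel up user=bob srcip=203.0.113.20"',
    'seq=104 ts=2022-12-01T10:01:40Z msg="admin login user=admin srcip=192.0.2.5"',
    'seq=105 ts=2022-12-01T10:02:02Z msg="config changed by admin"',
]) + "\n"


def compress_log(text: str) -> bytes:
    """Store the log the way the stand-in assumes it is stored: gzip-compressed."""
    return gzip.compress(text.encode())


def scrub_log(compressed: bytes, needle: str) -> bytes:
    """Attacker-side behaviour as described in the quote: decompress in memory,
    drop every entry containing the attacker-chosen string, rebuild the log."""
    lines = gzip.decompress(compressed).decode().splitlines(keepends=True)
    kept = [line for line in lines if needle not in line]
    return gzip.compress("".join(kept).encode())


def parse_entries(text: str) -> dict[int, str]:
    """Map sequence number -> full entry line (hypothetical seq= field)."""
    entries = {}
    for line in text.splitlines():
        m = re.match(r"seq=(\d+)\s", line)
        if m:
            entries[int(m.group(1))] = line
    return entries


def sequence_gaps(compressed: bytes) -> list[tuple[int, int]]:
    """Defender check 1, local only: a deleted entry leaves a hole in the
    sequence numbers. Returns (last_seen, next_seen) pairs around each hole."""
    seqs = sorted(parse_entries(gzip.decompress(compressed).decode()))
    return [(a, b) for a, b in zip(seqs, seqs[1:]) if b != a + 1]


def missing_locally(compressed: bytes, forwarded: str) -> list[str]:
    """Defender check 2: compare the on-device log with the copy forwarded to
    a remote syslog collector as each entry was written. Anything present
    remotely but absent locally was removed after the fact."""
    local = parse_entries(gzip.decompress(compressed).decode())
    remote = parse_entries(forwarded)
    return [remote[s] for s in sorted(remote) if s not in local]


if __name__ == "__main__":
    original = compress_log(SAMPLE_LOG)
    tampered = scrub_log(original, "203.0.113.20")  # erase one source IP
    print("gaps:", sequence_gaps(tampered))
    for line in missing_locally(tampered, SAMPLE_LOG):
        print("removed:", line)
```

The gap check works only while the malware leaves the surrounding entries untouched; an attacker who also renumbers the remaining entries defeats it. The comparison against a forwarded copy does not have that weakness, which is the practical point: log forwarding to a collector the appliance cannot modify is what makes on-device log scrubbing detectable at all.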
Fortinet has urged organizations running vulnerable FortiOS versions to upgrade immediately.
Patched Fortinet SSL-VPN flaw leveraged to compromise government networks