BleepingComputer reports that government and government-related networks are being subjected to highly targeted zero-day attacks leveraging a recently patched high-severity Fortinet FortiOS vulnerability, tracked as CVE-2022-41328, resulting in file and operating system corruption, as well as data loss.
According to a Fortinet report, the attacks involved the shutdown of vulnerable FortiGate firewall devices, which were compromised through a FortiManager instance on the same network; the unknown threat actors launched the FortiGate path traversal exploit at the same time as the FortiManager-executed scripts.
After modifying the devices' firmware images, the attackers launched an information-stealing payload. Fortinet noted that the attackers were highly sophisticated, given their ability to reverse-engineer portions of the FortiGate devices' operating system.
"The exploit requires a deep understanding of FortiOS and the underlying hardware. Custom implants show that the actor has advanced capabilities, including reverse-engineering various parts of FortiOS," said Fortinet.
The new zero-day attacks have been noted by BleepingComputer to be similar to the Chinese hacking campaign aimed at vulnerable SonicWall Secure Mobile Access devices.
Government networks targeted by FortiOS zero-day attacks