BleepingComputer reports that government and government-related networks are being subjected to highly targeted zero-day attacks leveraging a recently patched high-severity Fortinet FortiOS vulnerability, tracked as CVE-2022-41328, resulting in file and operating system corruption, as well as data loss.
According to a Fortinet report, the attacks shut down vulnerable FortiGate firewall devices that had been compromised via a FortiManager instance on the same network, with the unknown threat actors launching the FortiGate path-traversal exploit at the same time as the scripts executed from FortiManager.
After modifying the device firmware image, the attackers launched an information-stealing payload. Fortinet noted that the attackers were highly sophisticated, given their capability to reverse-engineer portions of the FortiGate devices' operating system.
"The exploit requires a deep understanding of FortiOS and the underlying hardware. Custom implants show that the actor has advanced capabilities, including reverse-engineering various parts of FortiOS," said Fortinet.
The new zero-day attacks have been noted by BleepingComputer to be similar to the Chinese hacking campaign aimed at vulnerable SonicWall Secure Mobile Access devices.