BleepingComputer reports that government and government-related networks are being subjected to highly targeted zero-day attacks leveraging a recently patched high-severity Fortinet FortiOS vulnerability, tracked as CVE-2022-41328, resulting in file and operating system corruption, as well as data loss.
According to a Fortinet report, the attacks involved the shutdown of vulnerable FortiGate firewall devices, which were compromised through a FortiManager instance on the same network: the unknown threat actors launched the FortiGate path traversal exploit at the same time as scripts executed from FortiManager.
The attackers modified the device firmware image and then launched an information-stealing payload. Fortinet noted that the actors were highly sophisticated, given their ability to reverse-engineer portions of the FortiGate devices' operating system.
"The exploit requires a deep understanding of FortiOS and the underlying hardware. Custom implants show that the actor has advanced capabilities, including reverse-engineering various parts of FortiOS," said Fortinet.
The new zero-day attacks have been noted by BleepingComputer to be similar to the Chinese hacking campaign aimed at vulnerable SonicWall Secure Mobile Access devices.