Vulnerability Management, Critical Infrastructure Security, Endpoint/Device Security

Government networks targeted by FortiOS zero-day attacks

BleepingComputer reports that government and government-related networks are being hit by highly targeted zero-day attacks exploiting a recently patched Fortinet FortiOS path traversal vulnerability, tracked as CVE-2022-41328 (rated medium severity, CVSS 6.5), which lets an already privileged attacker read and write arbitrary files through crafted CLI commands. The attacks corrupted files and the operating system, caused data loss, and left the affected FortiGate firewalls shut down. According to Fortinet's report, the firewalls were compromised through a FortiManager instance on the same network: the unknown threat actors fired the FortiGate path traversal exploit at the same time as scripts executed from FortiManager. After modifying the device firmware image, the attackers deployed an information-stealing payload. Fortinet judged the actor highly sophisticated, given its ability to reverse-engineer parts of the FortiGate operating system. "The exploit requires a deep understanding of FortiOS and the underlying hardware. Custom implants show that the actor has advanced capabilities, including reverse-engineering various parts of FortiOS," said Fortinet. BleepingComputer notes that the new zero-day attacks resemble the Chinese hacking campaign aimed at vulnerable SonicWall Secure Mobile Access devices. Two points matter for defenders: the bug is a privileged-access primitive rather than an unauthenticated entry point, so the compromised FortiManager, and whatever credentials or access path led to it, is the real foothold to investigate; and because the attackers altered the firmware image, a patched version number alone does not establish that a previously exposed device is clean, so firmware integrity should be verified or the device reimaged.
