Endpoint/Device Security, Breach, Malware, Threat Management

Patched Fortinet SSL-VPN flaw leveraged to compromise government networks

Government organizations and other government-related targets had their networks targeted in attacks exploiting an already patched FortiOS SSL-VPN zero-day flaw, tracked as CVE-2022-42475, reports BleepingComputer. Sophisticated attackers are believed to be behind the operation due to the exploit's complexity, according to a Fortinet report. "The discovered Windows sample attributed to the attacker displayed artifacts of having been compiled on a machine in the UTC+8 timezone, which includes Australia, China, Russia, Singapore, and other Eastern Asian countries," said researchers. Threat actors have been leveraging the flaw to facilitate malware installation aimed at removing FortiOS log entries or killing logging processes. "The malware can manipulate log files. It searches for elog files, which are logs of events in FortiOS. After decompressing them in memory, it searches for a string the attacker specifies, deletes it, and reconstructs the logs," said Fortinet. Immediate FortiOS version upgrades have been urged for those with vulnerable systems.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.