Chinese hackers attack European government institutions
A breach in the security of Fortinet network devices exposed a number of government agencies.
According to a recent report published by Mandiant, Chinese cybercriminals allegedly exploited a zero-day vulnerability in FortiOS, the operating system developed by the US cybersecurity company Fortinet, to carry out a targeted attack.
The vulnerability, tracked as CVE-2022-42475, was exploited as early as October 2022. By the time the report was released, the flaw had already been patched. In January, Fortinet warned its customers that hackers were using the vulnerability to attack government networks.
Mandiant has discovered a new piece of malware that researchers have named Boldmove. It was specifically designed to work on FortiGate firewalls from Fortinet.
Researchers believe the attack was carried out as part of a Chinese cyber-espionage operation targeting networked devices. “We expect this tactic to continue to be the preferred invasion vector for well-resourced Chinese groups,” Mandiant said.
Boldmove malware
The Boldmove backdoor was discovered in December 2022. It is written in C and has variants for both Windows and Linux. The Linux variant is designed to work on Fortinet network devices, since it reads data from Fortinet's proprietary files. If successful, the malware gives attackers complete remote control of a vulnerable FortiOS device.
The Windows version of Boldmove was compiled back in 2021, but Mandiant specialists had not seen this malware used in the wild (ITW) until that point.
Mandiant researchers suspect that Chinese hackers are behind the attacks because of the tactics and targeting involved. In addition, according to the researchers, the malware was compiled on a computer configured to display Chinese characters and located in the UTC+8 time zone, which includes Australia, China, Russia, Singapore and other East Asian countries.
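The time-zone clue mentioned above comes from a standard malware-triage technique: the PE (Windows executable) header records a build timestamp, and when an analyst has several samples, the UTC offset under which most builds land in ordinary working hours is a weak indicator of where the developer sat. The following Python script is an added illustration of that idea, not code from the article or from Mandiant's report; the PE bytes and the timestamps it works on are constructed here, and the 09:00-18:00 working-day model is an assumption.

```python
"""Added example (not from the article or Mandiant): read the COFF
TimeDateStamp from a PE image and fit a build-machine UTC offset."""
import struct
from datetime import datetime, timedelta, timezone


def pe_compile_timestamp(data: bytes) -> int:
    """Return the COFF TimeDateStamp (seconds since the Unix epoch) of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    # e_lfanew at DOS header offset 0x3C points to the "PE\0\0" signature.
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header layout: Machine(2) NumberOfSections(2) TimeDateStamp(4) ...
    return struct.unpack_from("<I", data, e_lfanew + 8)[0]


def build_minimal_pe(timestamp: int) -> bytes:
    """Construct a fake, non-executable PE stub carrying only the fields parsed above."""
    e_lfanew = 0x40
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    # Machine=AMD64, 1 section, the timestamp, then zeroed remaining COFF fields.
    coff = struct.pack("<HHIIIHH", 0x8664, 1, timestamp, 0, 0, 0, 0)
    return bytes(dos) + b"PE\0\0" + coff


def best_fit_utc_offset(timestamps, work_hours=range(9, 18)):
    """Score each whole-hour UTC offset by how many builds fall in local working hours.

    Returns (offset_hours, number_of_builds_in_working_hours). Ties keep the
    first (most negative) offset, so treat a narrow win as inconclusive.
    """
    best_offset, best_score = None, -1
    for offset in range(-12, 15):
        tz = timezone(timedelta(hours=offset))
        score = sum(1 for ts in timestamps if datetime.fromtimestamp(ts, tz).hour in work_hours)
        if score > best_score:
            best_offset, best_score = offset, score
    return best_offset, best_score


# Constructed sample: 50 builds over ten days, always at 01:00, 03:00, 05:00,
# 07:00 and 09:00 UTC, i.e. 09:00-17:00 local time for a UTC+8 developer.
SAMPLE_TIMESTAMPS = [
    int(datetime(2021, 3, 1 + day, hour, tzinfo=timezone.utc).timestamp())
    for day in range(10)
    for hour in (1, 3, 5, 7, 9)
]


if __name__ == "__main__":
    stamp = pe_compile_timestamp(build_minimal_pe(SAMPLE_TIMESTAMPS[0]))
    print("first sample compiled at", datetime.fromtimestamp(stamp, timezone.utc), "UTC")
    print("best-fit offset, hits:", best_fit_utc_offset(SAMPLE_TIMESTAMPS))
```

On the constructed set the fit is unambiguous (UTC+8 with all 50 builds in working hours, the neighbours UTC+7 and UTC+9 reaching only 40). Real samples rarely behave that cleanly: timestamps can be forged or zeroed by build tools, and a 9-to-5 model says nothing about night-shift developers, so this is corroborating evidence at best, never attribution on its own.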
Fortinet Network Appliances
According to Mandiant, internet-facing devices such as firewalls, IPS and IDS appliances are attractive targets for attackers.
First, they are reachable from the Internet. This means that if the right exploit is available, access to the network can be obtained without any interaction with the victim. “This allows the attacker to clearly control the time of the operation and reduce the chances of detection,” Mandiant said.
Secondly, although these network devices are designed to inspect network traffic for anomalies and signs of malicious behavior, they are often themselves vulnerable to attack.
The exploits needed to compromise these devices are difficult to develop and are often used against high-priority targets in the government and defense sectors.
According to Mandiant, there are currently no mechanisms to detect malicious processes running on such network devices. “This makes network devices a blind spot for security professionals and allows attackers to hide in them for long periods of time, and also to use them to gain a foothold in the target network,” the study says.
www.securitylab.ru