According to a recent report published by Mandiant, presumably Chinese attackers exploited a zero-day vulnerability in FortiOS, an operating system developed by the American cybersecurity company Fortinet, to carry out a targeted attack.
The vulnerability, tracked as CVE-2022-42475, was exploited back in October 2022. By the time the report came out, the flaw had already been fixed. In January, Fortinet warned its customers that hackers were using this vulnerability to attack government networks.
Mandiant discovered a new piece of malware, which the researchers named Boldmove. It was specifically designed to run on Fortinet's FortiGate firewalls.
Researchers believe that the attack was carried out as part of a Chinese cyber espionage operation aimed at network devices. “We expect that this tactic will continue to be a preferred intrusion vector for well-resourced Chinese groups,” Mandiant representatives said.
Boldmove malware
The Boldmove backdoor was discovered in December 2022. It is written in C and has variants for both Windows and Linux. The latter is designed to run on Fortinet network devices, since it reads data from files belonging to the company. When executed successfully, the malware gives attackers complete remote control over a vulnerable FortiOS device.
The Windows version of Boldmove was compiled back in 2021, but Mandiant experts have not seen this malware “in the wild” (ITW).
Mandiant researchers suspect that Chinese hackers are behind the attacks because of the tactics and targeting they used. In addition, according to the researchers, the malware was compiled on a computer configured to display Chinese characters and located in the UTC+8 time zone, which includes Australia, China, Russia, Singapore and other countries of East Asia.
Fortinet network devices
According to Mandiant, Internet-facing devices (from English. These are devices that are connected to the Internet and are accessible from the outside world. They can be used for various purposes, for example, to provide access to websites, mail servers, network devices, etc.
Examples of Internet-facing devices:
- web servers that serve websites.
- routers that provide Internet access for a home network.
- firewalls that protect the network from external threats.
- surveillance cameras that are connected to the Internet and can be viewed from anywhere in the world.