Unknown attackers have exploited a zero-day vulnerability in FortiOS with new exploits, damaging the operating system and causing data loss. The attacks are aimed specifically at large government organizations worldwide and target devices running an outdated version of the software.
Fortinet began releasing updates for its security products in early March after identifying a critical vulnerability tracked as CVE-2022-41328. The vulnerability allowed attackers to remotely execute unauthorized code on a target system, and the updates were meant to address it.
Vulnerable products include FortiOS versions 6.0, 6.2, 6.4.0 through 6.4.11, 7.0.0 through 7.0.9, and 7.2.0 through 7.2.3, and system administrators are advised to update to the newest versions as soon as possible. The fixed releases are 6.4.12, 7.0.10, and 7.2.4, respectively.
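The version ranges above are easy to misread when triaging a fleet of firewalls, so the following added example (not code from the article or from Fortinet) parses FortiOS version strings, checks each against the affected ranges exactly as the article lists them, and reports the fixed release to move to. The 6.0 and 6.2 branches are listed as affected with no fixed release named on the page, so they are reported as affected with no target version. The device inventory at the bottom is constructed sample input.

```python
"""Triage FortiOS versions against the CVE-2022-41328 ranges given in the article.

Added example: the ranges are transcribed from the article text; the inventory
below is constructed sample data, not real devices.
"""
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int]

# (major, minor, lowest affected patch, highest affected patch or None for "all",
#  fixed release or None when the article names no fixed release for that branch)
AFFECTED_BRANCHES = [
    (6, 0, 0, None, None),          # "6.0" listed as vulnerable, no fix named
    (6, 2, 0, None, None),          # "6.2" listed as vulnerable, no fix named
    (6, 4, 0, 11, (6, 4, 12)),      # 6.4.0 - 6.4.11 -> 6.4.12
    (7, 0, 0, 9, (7, 0, 10)),       # 7.0.0 - 7.0.9   -> 7.0.10
    (7, 2, 0, 3, (7, 2, 4)),        # 7.2.0 - 7.2.3   -> 7.2.4
]


def parse_version(text: str) -> Version:
    """Parse '7.0.9' or 'v7.0.9' into a comparable (major, minor, patch) tuple.

    Raises ValueError on anything that is not three dotted integers, so a
    malformed inventory entry is surfaced rather than silently marked safe.
    """
    parts = text.strip().lstrip("vV").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised FortiOS version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def format_version(v: Version) -> str:
    return ".".join(str(n) for n in v)


def assess(text: str) -> Tuple[bool, Optional[str]]:
    """Return (affected, fixed_release_or_None) for one version string."""
    major, minor, patch = parse_version(text)
    for b_major, b_minor, low, high, fixed in AFFECTED_BRANCHES:
        if (major, minor) != (b_major, b_minor):
            continue
        if patch < low:
            continue
        if high is not None and patch > high:
            continue  # already at or beyond the fixed release on this branch
        return True, (format_version(fixed) if fixed else None)
    return False, None


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each device name to a one-line status for an upgrade worklist."""
    report = {}
    for name, version in inventory.items():
        try:
            affected, fixed = assess(version)
        except ValueError as exc:
            report[name] = f"UNKNOWN ({exc})"
            continue
        if not affected:
            report[name] = f"not affected ({version})"
        elif fixed:
            report[name] = f"AFFECTED ({version}) -> upgrade to {fixed}"
        else:
            report[name] = f"AFFECTED ({version}) -> no fixed release listed for this branch"
    return report


if __name__ == "__main__":
    # Constructed sample inventory; device names and versions are made up.
    sample = {
        "fw-edge-01": "7.0.9",
        "fw-edge-02": "7.0.10",
        "fw-dc-01": "6.4.12",
        "fw-branch-07": "v6.2.14",
        "fw-lab-01": "7.4.0",
        "fw-bad-entry": "7.0",
    }
    for device, status in triage(sample).items():
        print(f"{device:14} {status}")
```

The branch table is the only thing that needs updating if further fixed releases are published; `assess` deliberately reports an affected 6.0/6.2 device without inventing a target version the article does not give.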
Although the company has not confirmed whether the vulnerability was exploited in the wild before fixes were issued, a Fortinet report released last week revealed that exploits for CVE-2022-41328 were already being used in attempts to compromise and disable FortiGate firewalls belonging to a Fortinet customer.
Further investigation indicated that the attackers had modified the device's firmware image to launch a payload directly during system initialization. The malware could also enable attackers to upload and record files, steal data, or open remote shells.
According to Fortinet, the attacks were targeted, with some data pointing to the attackers' preference for government networks. The attackers also demonstrated advanced capabilities in reworking parts of the FortiGate operating system, which required a deep understanding of FortiOS and the underlying hardware.
Fortinet customers have been advised to move to the recommended FortiOS versions as soon as possible to prevent further attack attempts.