Attackers Crafted Custom Malware for Fortinet Zero-Day

20-Jan-23

Mandiant researchers claim that the “BoldMove” backdoor shows a high degree of FortiOS understanding and that the attacker looks to be headquartered in China. Researchers have discovered a sophisticated new backdoor created expressly to operate on Fortinet’s FortiGate firewalls after collecting data related to a newly published zero-day vulnerability in the company’s FortiOS SSL-VPN technology. The virus appears to have been created by a threat actor with a base in China that conducts cyberespionage operations against individuals and groups associated with the government. According to a study released by Mandiant this week, it is the most recent instance of attackers from the nation attacking firewalls, IPS, IDS, and other Internet-facing technology used by businesses to secure their networks.

Read More…