zCat on Nostr: Chinese hackers exploit Fortinet VPN zero-day to steal credentials Chinese threat ...
Chinese hackers exploit Fortinet VPN zero-day to steal credentials
Chinese threat actors use a custom post-exploitation toolkit named 'DeepData' to exploit a zero-day vulnerability in Fortinet's FortiClient Windows VPN client that steal credentials.
The zero-day allows the threat actors to dump the credentials from memory after the user authenticated with the VPN device
Volexity researchers report that they discovered this flaw earlier this summer and reported it to Fortinet, but the issue remains unfixed, and no CVE has been assigned to it.
See more: https://www.bleepingcomputer.com/news/security/chinese-hackers-exploit-fortinet-vpn-zero-day-to-steal-credentials/
#cybersecurity #zeroday
Chinese threat actors use a custom post-exploitation toolkit named 'DeepData' to exploit a zero-day vulnerability in Fortinet's FortiClient Windows VPN client that steal credentials.
The zero-day allows the threat actors to dump the credentials from memory after the user authenticated with the VPN device
Volexity researchers report that they discovered this flaw earlier this summer and reported it to Fortinet, but the issue remains unfixed, and no CVE has been assigned to it.
See more: https://www.bleepingcomputer.com/news/security/chinese-hackers-exploit-fortinet-vpn-zero-day-to-steal-credentials/
#cybersecurity #zeroday
quoting nevent1q…9mu2Fortinet VPN Zero-Day Exploited in Malware Attacks Remains Unpatched: Report
The recently detailed DeepData malware framework was caught exploiting a zero-day vulnerability in the Fortinet VPN client for Windows to steal credentials, cybersecurity firm Volexity reports.
DeepData is a surveillance framework that relies on multiple plugins to target sensitive information stored in browsers, communication applications, and password managers, and which can record audio using the system’s microphone.
According to BlackBerry, both DeepData and the LightSpy iOS malware have been used by China-lined advanced persistent threat (APT) actor APT41 to spy on journalists, politicians, and political activists in Southeast Asia.
On Friday, Volexity revealed that DeepData was seen targeting Fortinet’s Windows VPN client to extract usernames, passwords, and other information from the process’ memory, by exploiting a zero-day vulnerability.
See more: https://www.securityweek.com/fortinet-vpn-zero-day-exploited-in-malware-attacks-remains-unpatched-report/
#cybersecurity #malware #zeroday
nevent1q…m0h0