Phone : +91 9582 90 7788 | Email : sales@itmonteur.net

Register & Request Quote | Submit Support Ticket

Home » Cyber Security News » Chinese hackers exploit zero day vulnerabilities in networking devices

Chinese hackers exploit zero day vulnerabilities in networking devices

Chinese hackers exploit zero day vulnerabilities in networking devices

Chinese hackers are exploiting zero day vulnerabilities in networking devices, followed by the installation of custom implants, reported The Hacker News.

A suspected China-nexus threat actor exploited a recently patched vulnerability in Fortinet FortiOS SSL-VPN as a zero day attack targeting a European government entity and a managed service provider (MSP) located in Africa.

The latest findings from Mandiant indicate that the threat actor abused the vulnerability as a zero day to its advantage and breached targeted networks for espionage operations, reported The Hacker News.

“The exploitation of zero day vulnerabilities in networking devices, followed by the installation of custom implants, is consistent with previous Chinese exploitation of networking devices,” Mandiant noted.

Telemetry evidence gathered by Google-owned Mandiant indicates that the exploitation occurred as early as October 2022, at least nearly two months before fixes were released.

“This incident continues China’s pattern of exploiting internet-facing devices, specifically those used for managed security purposes (e.g., firewalls, IPSIDS appliances, etc.),” Mandiant researchers said in a technical report.

The attacks entailed the use of a sophisticated backdoor dubbed BOLDMOVE, a Linux variant of which is specifically designed to run on Fortinet’s FortiGate firewalls, reported The Hacker News.

The intrusion vector in question relates to the exploitation of CVE-2022-42475, a heap-based buffer overflow vulnerability in FortiOS SSL-VPN that could result in unauthenticated remote code execution via specifically crafted requests.

Earlier this month, Fortinet disclosed that unknown hacking groups have capitalized on the shortcoming to target governments and other large organizations with a generic Linux implant capable of delivering additional payloads and executing commands sent by a remote server, reported The Hacker News.

“With BOLDMOVE, the attackers not only developed an exploit, but malware that shows an in-depth understanding of systems, services, logging, and undocumented proprietary formats,” said the threat intelligence firm Mandiant.

The malware, written in C, is said to have both Windows and Linux flavors, with the latter capable of reading data from a file format that’s proprietary to Fortinet. Metadata analysis of the Windows variants of the backdoor shows that they were compiled as far back as 2021, although no samples have been detected in the wild, reported The Hacker News.

BOLDMOVE is designed to carry out a system survey and is capable of receiving commands from a command-and-control (C2) server that in turn allows attackers to perform file operations, spawn a remote shell, and relay traffic via the infected host.

An extended Linux sample of the malware comes with extra features to disable and manipulate logging features in an attempt to avoid detection, corroborating Fortinet’s report.

Zero day is a broad term that describes recently discovered security vulnerabilities that hackers can use to attack systems. The term zero day refers to the fact that the vendor or developer has only just learned of the flaw – which means they have zero days to fix it. A zero day attack takes place when hackers exploit the flaw before developers have a chance to address it.

Software often has security vulnerabilities that hackers can exploit to cause havoc. Software developers are always looking out for vulnerabilities to patch – that is, develop a solution that they release in a new update.

However, sometimes hackers or malicious actors spot the vulnerability before the software developers do. While the vulnerability is still open, attackers can write and implement code to take advantage of it. This is known as exploit code.

The exploit code may lead to the software users being victimized – for example, through identity theft or other forms of cybercrime.

 

Information Security - InfoSec - Cyber Security - Firewall Providers Company in India

 

What is Firewall? A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet.

 

Secure your network at the gateway against threats such as intrusions, Viruses, Spyware, Worms, Trojans, Adware, Keyloggers, Malicious Mobile Code (MMC), and other dangerous applications for total protection in a convenient, affordable subscription-based service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services. Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols.

 

Firewall Firm is an IT Monteur Firewall Company provides Managed Firewall Support, Firewall providers , Firewall Security Service Provider, Network Security Services, Firewall Solutions India , New Delhi - India's capital territory , Mumbai - Bombay , Kolkata - Calcutta , Chennai - Madras , Bangaluru - Bangalore , Bhubaneswar, Ahmedabad, Hyderabad, Pune, Surat, Jaipur, Firewall Service Providers in India

Sales Number : +91 9582 90 7788 | Support Number : +91-9654016484
Sales Email : sales@itmonteur.net | Support Email : support@itmonteur.net

Register & Request Quote | Submit Support Ticket