Suspected Chinese threat actors have exploited a recently fixed Fortinet FortiOS zero-day vulnerability, tracked as CVE-2022-42475, to launch attacks with the new Boldmove malware targeted at a European government organization and an African managed service provider, according to The Record, a news site by cybersecurity firm Recorded Future.
Written in C, the novel Boldmove malware has Windows and Linux variants; the Linux variant is the one used to achieve full remote control of compromised Fortinet devices, a report from Mandiant revealed.
Threat actors have yet to deploy the Windows variant of the backdoor, which was compiled in 2021, the researchers said. They attributed the attacks to Chinese hackers based on the operators' tactics. Networking devices have been a common target of such attacks because they generally lack any mechanism for detecting malicious activity running on them.
"This makes network devices a blind spot for security practitioners and allows attackers to hide in them and maintain stealth for long periods, while also using them to gain a foothold in a targeted network," said the report.