China-linked group abuses Fortinet 0-day with post-exploit VPN-credential stealer

November 19, 2024 at 06:11PM Chinese government-affiliated hackers are exploiting a zero-day vulnerability in Fortinet’s Windows VPN client to steal sensitive information, including credentials. Volexity identified the issue and reported it to Fortinet, which has yet to release a fix. The attackers use a tool called DeepData, capable of extensive data theft. ### Meeting Takeaways … Read more

Fortinet VPN Zero-Day Exploited in Malware Attacks Remains Unpatched: Report

November 18, 2024 at 07:19AM DeepData malware, developed by the China-linked APT41 (BrazenBamboo), exploits a zero-day vulnerability in Fortinet’s Windows VPN to steal credentials. It uses plugins for data surveillance and has similarities with the LightSpy malware. Volexity reports its capabilities and infrastructure, revealing significant operational resources behind these attacks. **Meeting Takeaways:** 1. **DeepData Malware … Read more