Chinese hackers exploit Fortinet VPN zero-day to steal credentials

· Published 18/11/2024 23:40 · Modified 19/11/2024 15:04

Essential information

Tags: 2024-11-18, chinese, hackers, credential-theft, deepdata, deeppost, espionage, forticlient, lightspy, post-exploitation, vpn, zero-day
Related entities: 1 intrusion set (APT), 10 techniques (MITRE), 3 malware, 1 other

Description

A Chinese threat actor tracked as BrazenBamboo is exploiting a zero-day vulnerability in Fortinet's FortiClient Windows VPN client to steal credentials. The group uses a custom toolkit called , which includes a plugin that extracts usernames, passwords, and VPN server information from the client's process memory. Volexity researchers discovered the flaw in July 2024 and reported it to Fortinet, but it remains unresolved. The vulnerability allows attackers to dump credentials from memory after the user has authenticated. BrazenBamboo is known for deploying advanced malware that targets multiple platforms in surveillance operations. Compromised VPN accounts give the group initial access to corporate networks and let it expand its campaigns.

External references