New Boldmove Linux Malware Used to Backdoor Fortinet Devices
Suspected Chinese hackers exploited a recently disclosed FortiOS SSL-VPN vulnerability as a zero-day in December, targeting a European government and an African MSP with a new custom 'BOLDMOVE' Linux and Windows malware.
The vulnerability is tracked as CVE-2022-42475 and was quietly fixed by Fortinet in November. Fortinet publicly disclosed the vulnerability in December, urging customers to patch their devices as threat actors were actively exploiting the flaw.
The flaw allows remote unauthenticated attackers to crash targeted devices remotely or gain remote code execution.
However, it was not until this month that Fortinet shared more details about how hackers exploited it, explaining that threat actors had targeted government entities with custom malware specifically designed to run on FortiOS devices.