Fortinet warned organizations on Wednesday that APTs linked to China and other countries have been exploiting two known FortiOS vulnerabilities in attacks aimed at various sectors, including critical infrastructure.
One of the exploited vulnerabilities is CVE-2022-42475, a pre-authentication heap-based buffer overflow in the FortiOS SSL-VPN component. Fortinet patched it in December 2022, when it warned that it was aware of in-the-wild exploitation.
Chinese threat actors had exploited the flaw as a zero-day in attacks aimed at government and other types of organizations.
The second vulnerability covered by Fortinet's new warning is CVE-2023-27997, another pre-authentication heap-based buffer overflow in the SSL-VPN component. It came to light in June 2023, when the company informed customers that it had been exploited as a zero-day in a limited number of attacks.
Fortinet noted on Wednesday that some customers have still not patched the two FortiOS vulnerabilities, and that it has observed several attacks and attack clusters, including ones aimed at the government, service provider, manufacturing, consultancy, and critical infrastructure sectors.
The company has shared technical details and indicators of compromise to help organizations detect and investigate attacks.
The collected evidence suggests that these attacks may have been conducted by the Chinese threat groups tracked as Volt Typhoon, APT15, and APT31.
Volt Typhoon is believed to have compromised the networks of many organizations.
In addition to vulnerable Fortinet devices, Volt Typhoon has been known to target Cisco and Netgear products.
Fortinet also noted on Wednesday that some of the attacks exploiting the FortiOS vulnerabilities may have been conducted by UNC757, a threat actor previously linked to Iran.
Published on www.securityweek.com, Thu, 08 Feb 2024 15:13:04 +0000.