Chinese Hackers Targeting Security and Network Appliances
bankinfosecurity
Fortinet Patches Zero-Day Exploited by Suspected Beijing Hacking Group UNC3886
Prajeet Nair (@prajeetspeaks) • March 17, 2023

Chinese threat actors are turning security appliances into penetration pathways, forcing firewall maker Fortinet to again attempt to fend off hackers with a patch.
Researchers from Mandiant say suspected Beijing hackers they track as UNC3886 have been targeting chip-based firewall and virtualization boxes.
The group, Mandiant said in a Thursday blog post, exploited a now-patched path traversal zero-day vulnerability tracked as CVE-2022-41328 in the Fortinet operating system in order to gain persistence on FortiGate and FortiManager products. Such penetrations can give hackers years of uninterrupted access to internal networks.
A threat cluster related to UNC3886 also targeted a Fortinet zero-day in a campaign that involved delivery of a custom backdoor "specifically designed to run on FortiGate firewalls ...
Copyright of this story solely belongs to bankinfosecurity.