Fortinet: APTs Exploiting FortiOS Vulnerabilities in Critical Infrastructure Attacks
Posted: Fri Feb 09, 2024 2:24 am
Fortinet warned organizations on Wednesday that APTs linked to China and other countries have been exploiting two known FortiOS vulnerabilities in attacks aimed at various sectors, including critical infrastructure.
One of the exploited vulnerabilities is CVE-2022-42475, which Fortinet patched in December 2022, when it warned that it had been aware of in-the-wild exploitation. Chinese threat actors had exploited the flaw as a zero-day in attacks aimed at government and other types of organizations.
The second vulnerability described in Fortinet’s new warning is CVE-2023-27997, which came to light in June 2023, when the cybersecurity firm informed customers that it had been exploited as a zero-day in limited attacks.
[...]
Fortinet: APTs Exploiting FortiOS Vulnerabilities in Critical Infrastructure Attacks
One of the exploited vulnerabilities is CVE-2022-42475, which Fortinet patched in December 2022, when it warned that it had been aware of in-the-wild exploitation. Chinese threat actors had exploited the flaw as a zero-day in attacks aimed at government and other types of organizations.
The second vulnerability described in Fortinet’s new warning is CVE-2023-27997, which came to light in June 2023, when the cybersecurity firm informed customers that it had been exploited as a zero-day in limited attacks.
[...]
Fortinet: APTs Exploiting FortiOS Vulnerabilities in Critical Infrastructure Attacks