Chinese hackers exploit Fortinet VPN zero-day to steal credentials

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:

Chinese threat actors tracked as BrazenBamboo are exploiting a zero-day vulnerability in Fortinet's FortiClient Windows VPN client to steal credentials. The attackers use a custom post-exploitation toolkit called DeepData, which includes a FortiClient plugin that extracts usernames, passwords, and VPN server information from the client's process memory. Volexity researchers discovered the flaw in July 2024 and reported it to Fortinet, but it remains unresolved. The vulnerability allows attackers to dump credentials from memory after the user has authenticated to the VPN. BrazenBamboo is known for deploying advanced malware targeting multiple platforms in surveillance operations. By compromising VPN accounts, the group can gain initial access to corporate networks and expand its espionage campaigns.

OPENCTI LABELS:

espionage, vpn, credential theft, zero-day, lightspy, post-exploitation, chinese hackers, deeppost, deepdata, forticlient
