A critical zero-day vulnerability in Fortinet's Windows VPN client, FortiClient, has been exploited by a Chinese-linked threat actor known as BrazenBamboo. This flaw, reported by cybersecurity firm Volexity, remains unpatched, leaving organizations vulnerable to credential theft and espionage. The attackers employ a modular malware framework called DeepData, which specializes in extracting sensitive information from compromised systems.
The FortiClient zero-day leaves credentials, including usernames, passwords, and VPN server details, in the client's process memory after authentication instead of clearing them. DeepData exploits this through a plugin built for FortiClient that reads the JSON objects still held in memory and hands the recovered data off for exfiltration.
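Because the theft described above depends on another process reading the VPN client's memory, one host-level signal a defender can watch for is an unexpected process obtaining read access to that client. The following Python is an added example, not code from the original post, Volexity or Fortinet: it scores constructed Sysmon-style ProcessAccess (Event ID 10) lines, and the process name, paths, allowlist and sample events are all assumptions.

```python
"""Flag processes that open the VPN client's memory for reading (added example).

Lines are modelled on Sysmon Event ID 10 (ProcessAccess) fields in a simplified
key=value|key=value form; process name, paths and events are constructed/assumed.
"""
import re

VPN_CLIENT_IMAGE = "forticlient.exe"  # assumed process name; set to your deployment's
PROCESS_VM_READ = 0x0010              # Win32 access-right bit for reading process memory
# Sources allowed to read the client's memory: assumption is only the client itself;
# extend with the EDR/AV agents known in your environment.
ALLOWED_SOURCES = {VPN_CLIENT_IMAGE}
FIELD_RE = re.compile(r"(\w+)=([^|]*)")


def parse_event(line: str) -> dict:
    """Turn 'key=value|key=value' into a dict (constructed log format)."""
    return {k: v.strip() for k, v in FIELD_RE.findall(line)}


def basename(path: str) -> str:
    """Lower-cased last path component, tolerating both separators."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_suspicious(event: dict) -> bool:
    """True when a non-allowlisted process gains read access to the VPN client."""
    if event.get("EventID") != "10":
        return False
    if basename(event.get("TargetImage", "")) != VPN_CLIENT_IMAGE:
        return False
    granted = int(event.get("GrantedAccess", "0x0"), 16)  # Sysmon logs hex, e.g. 0x1010
    if not granted & PROCESS_VM_READ:
        return False  # query-only handles (0x1000, 0x1400) are routine
    return basename(event.get("SourceImage", "")) not in ALLOWED_SOURCES


def find_suspicious(lines) -> list:
    """Return (SourceImage, GrantedAccess) for every flagged event, in order."""
    return [(e["SourceImage"], e["GrantedAccess"])
            for e in map(parse_event, lines) if is_suspicious(e)]


# Constructed sample events, not real telemetry.
SAMPLE_EVENTS = [
    r"EventID=10|SourceImage=C:\VPN\FortiClient.exe|TargetImage=C:\VPN\FortiClient.exe|GrantedAccess=0x1410",
    r"EventID=10|SourceImage=C:\Users\Public\updater.exe|TargetImage=C:\VPN\FortiClient.exe|GrantedAccess=0x1010",
    r"EventID=10|SourceImage=C:\Windows\explorer.exe|TargetImage=C:\VPN\FortiClient.exe|GrantedAccess=0x1000",
    r"EventID=10|SourceImage=C:\Users\Public\updater.exe|TargetImage=C:\Windows\notepad.exe|GrantedAccess=0x1FFFFF",
]
```

Only the second sample is flagged: the client reading itself is allowlisted, a query-only handle lacks the read bit, and the last event targets a different process.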
Key facts about the vulnerability:
- BrazenBamboo developed a sophisticated post-exploitation tool called DeepData. It is modular, utilizing plugins to target a wide range of sensitive data.
- DeepData also integrates with another BrazenBamboo tool, DeepPost, to exfiltrate stolen data to command-and-control (C2) servers.
- Volexity attributes DeepData's development to BrazenBamboo, a Chinese state-sponsored group also linked to the LightSpy and DeepPost malware. These tools have been used in campaigns targeting Southeast Asian journalists, activists, and politicians.
Organizations should implement the following measures while waiting for a patch:
The ongoing exploitation of Fortinet’s VPN client zero-day by BrazenBamboo underscores the urgency of addressing vulnerabilities promptly.
Proactive measures and modern solutions are the keys to staying resilient in an evolving cybersecurity landscape. It's time for organizations to transition to secure-by-design platforms instead of relying on password and credential-based authentication. If something can be stolen, it will be. Using solutions like PureAuth for passwordless authentication and access management ensures your organization is safe and your data is secure by design and default. By eliminating passwords—a common attack vector—you can significantly enhance your security posture and stay ahead of sophisticated threats like BrazenBamboo. #gopasswordless