Here's how Chinese cyber spies exploited a critical Fortinet bug

Suspected Chinese spies have exploited a critical Fortinet bug, and used custom networking malware to steal credentials and maintain network access, according to Mandiant security researchers. Fortinet fixed the path traversal vulnerability in FortiOS, tracked as CVE-2022-41328, earlier this month. So get patching, if you …

  1. Richard 12 Silver badge

    The entire purpose of Fortigate and similar devices is to man-in-the-middle everyone in an organisation, so they are possibly the most valuable target possible for any miscreant.

    Once they've got that, they can poison anything and everything.

    There's no need to actually attack, they can just wait for users and administrators to download legitimate files and installers they need to do their work, then silently redirect them to whatever they wish, even signing their malicious payloads with the root certificates the IT dept carefully installed on everyone's computers to enable the MitM functionality.

    Seems to me that Fortigate is the perfect trojan horse.

    1. ChipsforBreakfast

      The obsession with monitoring everything and knowing down to the last packet what got transferred over your network is fast being shown for what it is - a clear and present danger to the security of your network & everyone using it.

      If you deliberately break protocols designed to ensure the privacy, security and integrity of your data then you really shouldn't be surprised when an attacker takes advantage of your hard work. The same argument applies to this as applies to all those TLAs wanting to break end-to-end encryption to 'protect' us - what's broken is broken, and whether it's broken by the good guys or the bad guys doesn't really matter - it's still broken and ANYONE can take advantage of it.

      Do we really need to peer inside every packet at the gateway - my view is no, we don't.

  2. Anonymous Coward

    Suspected Chinese criminal spies?

    Technically speaking it isn't a crime to access computers in another jurisdiction when there is no extradition treaty. Besides, it's very careless of these Chinese spies using an IP address registered to themselves /s

    "CVE-2022-41328: A[n] improper limitation of a pathname to a .."

    1. Version 1.0 Silver badge

      Re: Suspected Chinese criminal spies?

      I guess we are thinking that these hacker criminals are not smart enough to avoid revealing their IP addresses - but couldn't a criminal smart enough to create these malware infections, also be smart enough to hide their location by hacking someone else to deliver the malware? Basically the internet environment makes it possible to be located in one place and appear to be somewhere else - so it's not easy to know where all this activity actually exists.

  3. VoiceOfTruth

    Can you do an article on suspected American spies targeting China or Chinese people?

    You should have ample material to draw on.

  4. Paul Crawford Silver badge

    There are times when I am glad we have had to use open-source networking software on cheap kit instead of fancy security appliances. But having the money to be free to choose would be even nicer!
