{"id":1451,"date":"2024-11-18T13:02:50","date_gmt":"2024-11-18T13:02:50","guid":{"rendered":"https:\/\/www.tsfactory.com\/forums\/?p=1451"},"modified":"2024-11-18T13:02:50","modified_gmt":"2024-11-18T13:02:50","slug":"fortinet-vpn-zero-day-exploited-in-malware-attacks-remains-unpatched-report","status":"publish","type":"post","link":"https:\/\/www.tsfactory.com\/forums\/blog\/fortinet-vpn-zero-day-exploited-in-malware-attacks-remains-unpatched-report\/","title":{"rendered":"Fortinet VPN Zero-Day Exploited in Malware Attacks Remains Unpatched: Report"},"content":{"rendered":"<p><strong>The recently detailed DeepData malware framework was caught exploiting a zero-day vulnerability in the Fortinet VPN client for Windows to steal credentials, cybersecurity firm Volexity reports.<\/strong><\/p>\n<p><a href=\"https:\/\/www.securityweek.com\/lightspy-ios-spyware-operation-expands-to-windows\/\">DeepData is a surveillance framework<\/a>\u00a0that relies on multiple plugins to target sensitive information stored in browsers, communication applications, and password managers, and which can record audio using the system\u2019s microphone.<\/p>\n<p>According to BlackBerry, both DeepData and the\u00a0<a href=\"https:\/\/www.securityweek.com\/recent-version-of-lightspy-ios-malware-packs-destructive-capabilities\/\">LightSpy iOS malware<\/a>\u00a0have been used by China-linked advanced persistent threat (APT) actor APT41 to spy on journalists, politicians, and political activists in Southeast Asia.<\/p>\n<p>On Friday, Volexity revealed that DeepData was seen targeting Fortinet\u2019s Windows VPN client to extract usernames, passwords, and other information from the process\u2019 memory, by\u00a0<a href=\"https:\/\/www.volexity.com\/blog\/2024\/11\/15\/brazenbamboo-weaponizes-forticlient-vulnerability-to-steal-vpn-credentials-via-deepdata\/\" target=\"_blank\" rel=\"noopener\" data-target-set=\"true\">exploiting a zero-day<\/a>\u00a0vulnerability.<\/p>\n<p>The bug, reported to 
Fortinet in July, when it was confirmed to be affecting the latest iteration of Fortinet\u2019s VPN available at the time, does not have a CVE identifier and appears to have remained unpatched, the cybersecurity firm says.<\/p>\n<p><em>SecurityWeek<\/em>\u00a0has emailed Fortinet for a statement on the matter and will update this article as soon as a reply arrives.<\/p>\n<p>Volexity also notes that the DeepData framework has been developed by a China-linked state-sponsored threat actor tracked as BrazenBamboo, which has also created LightSpy and the DeepPost post-exploitation data exfiltration tool.<\/p>\n<p>The cybersecurity firm has observed similarities between DeepData and LightSpy, including plugin file and function names, shared program database development paths, shared formatting for certain JSON files, similar plugin code execution flaws, and infrastructure overlaps.<\/p>\n<p><a href=\"https:\/\/www.securityweek.com\/fortinet-vpn-zero-day-exploited-in-malware-attacks-remains-unpatched-report\/\">Read the Full Story Here<\/a><\/p>\n<p>Source: Security Week<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The recently detailed DeepData malware framework was caught exploiting a zero-day vulnerability in the Fortinet VPN client for Windows to steal credentials, cybersecurity firm Volexity reports. 
DeepData is a surveillance framework\u00a0that relies on multiple plugins to target sensitive information stored in browsers, communication applications, and password managers, and which can record audio using the system\u2019s [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":1077,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-1451","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Fortinet VPN Zero-Day Exploited in Malware Attacks Remains Unpatched: Report - Community<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.tsfactory.com\/forums\/blog\/fortinet-vpn-zero-day-exploited-in-malware-attacks-remains-unpatched-report\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Fortinet VPN Zero-Day Exploited in Malware Attacks Remains Unpatched: Report - Community\" \/>\n<meta property=\"og:description\" content=\"The recently detailed DeepData malware framework was caught exploiting a zero-day vulnerability in the Fortinet VPN client for Windows to steal credentials, cybersecurity firm Volexity reports. 
DeepData is a surveillance framework\u00a0that relies on multiple plugins to target sensitive information stored in browsers, communication applications, and password managers, and which can record audio using the system\u2019s [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.tsfactory.com\/forums\/blog\/fortinet-vpn-zero-day-exploited-in-malware-attacks-remains-unpatched-report\/\" \/>\n<meta property=\"og:site_name\" content=\"Community\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/TSFactoryLLC\/\" \/>\n<meta property=\"article:published_time\" content=\"2024-11-18T13:02:50+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2023\/09\/whitehathacker.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1280\" \/>\n\t<meta property=\"og:image:height\" content=\"1920\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Chelsie Wyatt\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@TSFactoryLLC\" \/>\n<meta name=\"twitter:site\" content=\"@TSFactoryLLC\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Chelsie Wyatt\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/fortinet-vpn-zero-day-exploited-in-malware-attacks-remains-unpatched-report\/\",\"url\":\"https:\/\/www.tsfactory.com\/forums\/blog\/fortinet-vpn-zero-day-exploited-in-malware-attacks-remains-unpatched-report\/\",\"name\":\"Fortinet VPN Zero-Day Exploited in Malware Attacks Remains Unpatched: Report - Community\",\"isPartOf\":{\"@id\":\"https:\/\/www.tsfactory.com\/forums\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/fortinet-vpn-zero-day-exploited-in-malware-attacks-remains-unpatched-report\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/fortinet-vpn-zero-day-exploited-in-malware-attacks-remains-unpatched-report\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2023\/09\/whitehathacker.jpg\",\"datePublished\":\"2024-11-18T13:02:50+00:00\",\"author\":{\"@id\":\"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/9d9908f0e12559297335ebe9b601c82f\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/fortinet-vpn-zero-day-exploited-in-malware-attacks-remains-unpatched-report\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.tsfactory.com\/forums\/blog\/fortinet-vpn-zero-day-exploited-in-malware-attacks-remains-unpatched-report\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/fortinet-vpn-zero-day-exploited-in-malware-attacks-remains-unpatched-report\/#primaryimage\",\"url\":\"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2023\/09\/whitehathacker.jpg\",\"contentUrl\":\"https:\/\/www.tsfactory.com\/forums\/wp-content\/uplo
ads\/2023\/09\/whitehathacker.jpg\",\"width\":1280,\"height\":1920},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/fortinet-vpn-zero-day-exploited-in-malware-attacks-remains-unpatched-report\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.tsfactory.com\/forums\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Fortinet VPN Zero-Day Exploited in Malware Attacks Remains Unpatched: Report\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/#website\",\"url\":\"https:\/\/www.tsfactory.com\/forums\/\",\"name\":\"Community\",\"description\":\"TSFactory\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.tsfactory.com\/forums\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/9d9908f0e12559297335ebe9b601c82f\",\"name\":\"Chelsie Wyatt\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/09ff3801fb7566acf715fe4e81a9bd942b923c236138a3ed8a8375f099e5d6d6?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/09ff3801fb7566acf715fe4e81a9bd942b923c236138a3ed8a8375f099e5d6d6?s=96&d=mm&r=g\",\"caption\":\"Chelsie Wyatt\"},\"url\":\"https:\/\/www.tsfactory.com\/forums\/blog\/author\/chelsie\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Fortinet VPN Zero-Day Exploited in Malware Attacks Remains Unpatched: Report - Community","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.tsfactory.com\/forums\/blog\/fortinet-vpn-zero-day-exploited-in-malware-attacks-remains-unpatched-report\/","og_locale":"en_US","og_type":"article","og_title":"Fortinet VPN Zero-Day Exploited in Malware Attacks Remains Unpatched: Report - Community","og_description":"The recently detailed DeepData malware framework was caught exploiting a zero-day vulnerability in the Fortinet VPN client for Windows to steal credentials, cybersecurity firm Volexity reports. DeepData is a surveillance framework\u00a0that relies on multiple plugins to target sensitive information stored in browsers, communication applications, and password managers, and which can record audio using the system\u2019s [&hellip;]","og_url":"https:\/\/www.tsfactory.com\/forums\/blog\/fortinet-vpn-zero-day-exploited-in-malware-attacks-remains-unpatched-report\/","og_site_name":"Community","article_publisher":"https:\/\/www.facebook.com\/TSFactoryLLC\/","article_published_time":"2024-11-18T13:02:50+00:00","og_image":[{"width":1280,"height":1920,"url":"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2023\/09\/whitehathacker.jpg","type":"image\/jpeg"}],"author":"Chelsie Wyatt","twitter_card":"summary_large_image","twitter_creator":"@TSFactoryLLC","twitter_site":"@TSFactoryLLC","twitter_misc":{"Written by":"Chelsie Wyatt","Est. 
reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.tsfactory.com\/forums\/blog\/fortinet-vpn-zero-day-exploited-in-malware-attacks-remains-unpatched-report\/","url":"https:\/\/www.tsfactory.com\/forums\/blog\/fortinet-vpn-zero-day-exploited-in-malware-attacks-remains-unpatched-report\/","name":"Fortinet VPN Zero-Day Exploited in Malware Attacks Remains Unpatched: Report - Community","isPartOf":{"@id":"https:\/\/www.tsfactory.com\/forums\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.tsfactory.com\/forums\/blog\/fortinet-vpn-zero-day-exploited-in-malware-attacks-remains-unpatched-report\/#primaryimage"},"image":{"@id":"https:\/\/www.tsfactory.com\/forums\/blog\/fortinet-vpn-zero-day-exploited-in-malware-attacks-remains-unpatched-report\/#primaryimage"},"thumbnailUrl":"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2023\/09\/whitehathacker.jpg","datePublished":"2024-11-18T13:02:50+00:00","author":{"@id":"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/9d9908f0e12559297335ebe9b601c82f"},"breadcrumb":{"@id":"https:\/\/www.tsfactory.com\/forums\/blog\/fortinet-vpn-zero-day-exploited-in-malware-attacks-remains-unpatched-report\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.tsfactory.com\/forums\/blog\/fortinet-vpn-zero-day-exploited-in-malware-attacks-remains-unpatched-report\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.tsfactory.com\/forums\/blog\/fortinet-vpn-zero-day-exploited-in-malware-attacks-remains-unpatched-report\/#primaryimage","url":"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2023\/09\/whitehathacker.jpg","contentUrl":"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2023\/09\/whitehathacker.jpg","width":1280,"height":1920},{"@type":"BreadcrumbList","@id":"https:\/\/www.tsfactory.com\/forums\/blog\/fortinet-vpn-zero-day-exploited-in-malware-attacks-remains-unpa
tched-report\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.tsfactory.com\/forums\/"},{"@type":"ListItem","position":2,"name":"Fortinet VPN Zero-Day Exploited in Malware Attacks Remains Unpatched: Report"}]},{"@type":"WebSite","@id":"https:\/\/www.tsfactory.com\/forums\/#website","url":"https:\/\/www.tsfactory.com\/forums\/","name":"Community","description":"TSFactory","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.tsfactory.com\/forums\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/9d9908f0e12559297335ebe9b601c82f","name":"Chelsie Wyatt","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/09ff3801fb7566acf715fe4e81a9bd942b923c236138a3ed8a8375f099e5d6d6?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/09ff3801fb7566acf715fe4e81a9bd942b923c236138a3ed8a8375f099e5d6d6?s=96&d=mm&r=g","caption":"Chelsie 
Wyatt"},"url":"https:\/\/www.tsfactory.com\/forums\/blog\/author\/chelsie\/"}]}},"_links":{"self":[{"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/posts\/1451","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/comments?post=1451"}],"version-history":[{"count":1,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/posts\/1451\/revisions"}],"predecessor-version":[{"id":1452,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/posts\/1451\/revisions\/1452"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/media\/1077"}],"wp:attachment":[{"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/media?parent=1451"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/categories?post=1451"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/tags?post=1451"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}