Update now — Fortinet Windows VPN hacked to steal user data
techradar.com- Researchers spot Chinese threat actor stealing login credentials from Fortinet VPN
- Thefts carried out with the help of a vulnerability discovered in 2023
- The bug is yet to be addressed, or even assigned a CVE
Cybersecurity researchers has revealed that for months now, Fortinet’s Windows VPN client has been vulnerable to a flaw which allows threat actors to steal user credentials - and Chinese hackers have reportedly now started exploiting the bug and stealing the data.
Experts from Volexity have published an in-depth report on a piece of malware called DeepData. This malware was used by a Chinese threat actor known as BrazenBamboo to steal login credentials, and VPN server information from Fortinet VPNs.
As the experts explain, after a user logs into the VPN, user credentials remain in process memory. DeepData can find and decrypt JSON objects in the client’s process memory, effectively stealing ...
Copyright of this story solely belongs to techradar.com . To see the full text click HERE