China-linked group abuses Fortinet 0-day with post-exploit VPN-credential stealer


Chinese government-linked snoops are exploiting a zero-day bug in Fortinet's Windows VPN client to steal credentials and other information, according to memory forensics outfit Volexity.

Volexity's threat intelligence team reported the zero-day vulnerability to Fortinet on July 18 after identifying its exploitation in the wild. Fortinet acknowledged the issue on July 24, according to a November 15 report by Volexity researchers Callum Roxan, Charlie Gardner, and Paul Rascagneres.

"At the time of writing, this issue remains unresolved and Volexity is not aware of an assigned CVE number," the trio wrote.

Fortinet did not respond to The Register's inquiries regarding a fix for the flaw and whether the vendor is aware of anyone exploiting the vulnerability. We will update this story if Fortinet replies.

According to Volexity, however, a Beijing-backed crew it tracks as “BrazenBamboo” has been exploiting the Fortinet flaw and also developed a post-exploit tool ...


Copyright of this story solely belongs to theregister.co.uk.