Cybersecurity researchers discovered that the Chinese threat actor UNC3886 has been targeting chip-based firewalls and virtualisation appliances to carry out its campaigns. A research group believes the Beijing-based group is the culprit behind these attacks.
The research post published last week stated that the group leveraged a previously unpatched path traversal zero-day flaw in the Fortinet operating system. The attackers used the CVE-2022-41328 flaw to establish persistence on FortiGate and FortiManager products.
These penetration tactics could provide the adversary with years of uninterrupted access to internal networks.
UNC3886 has also been linked to a separate incident that exploited a Fortinet zero-day flaw.
According to the investigation, a cluster of activity attributed to UNC3886 abused a Fortinet zero-day and deployed a custom-built backdoor designed to run on FortiGate firewalls.
The confirmed victims of these campaigns include organisations in the telecommunications, technology, government, and defence sectors.
These targets are common prey for Chinese hackers since Beijing-based threat groups have a long-standing reputation and practice of stealing trade secrets to keep up with their rival countries.
The United States intelligence agencies recently classified China as one of the countries with the broadest, most active, and most persistent cyberespionage groups targeting the US government and private-sector networks.
Fortunately, the United Kingdom has recently revealed a new national agency working with the private sector to thwart national security threats, such as foreign hackers and state-sponsored groups.
This announcement from the UK came just days after a cybersecurity group identified an alleged Chinese operation that targets the SonicWall Secure Mobile Access appliance. Some researchers believe this group is also responsible for the attack on the VMware ESXi servers in September last year.
State-sponsored threat groups with a deep understanding of complex targets that are not covered by conventional endpoint security tools have posed a considerable challenge for many researchers.
These incidents have affected many appliances that cannot detect runtime activity in their underlying operating systems. As a result, these products require direct assistance from the manufacturer to collect forensic images. Sophisticated threat groups will therefore likely continue to target appliances whose defences cannot keep up with the sophistication of these threats.