Fortinet warned organizations on Wednesday that APTs linked to China and other countries have been exploiting two known FortiOS vulnerabilities in attacks aimed at various sectors, including critical infrastructure.
One of the exploited vulnerabilities is CVE-2022-42475, which Fortinet patched in December 2022, when it warned that it had been aware of in-the-wild exploitation. Chinese threat actors had exploited the flaw as a zero-day in attacks aimed at government and other types of organizations.
The second vulnerability described in Fortinet’s new warning is CVE-2023-27997, which came to light in June 2023, when the cybersecurity firm informed customers that it had been exploited as a zero-day in limited attacks.
Fortinet noted on Wednesday that some customers have yet to patch the two FortiOS vulnerabilities and the company has seen several attacks and attack clusters, including ones aimed at the government, service provider, manufacturing, consultancy, and critical infrastructure sectors.
The company has shared technical details and indicators of compromise (IoCs) to help organizations detect and investigate attacks.
The collected evidence suggests that these attacks may have been conducted by the Chinese threat groups tracked as Volt Typhoon, APT15, and APT31.
Volt Typhoon is believed to have hacked into the networks of many organizations. In a new alert coinciding with Fortinet’s analysis, the US security agency CISA said the Chinese hackers are “pre-positioning themselves on IT networks to enable lateral movement to OT assets to disrupt functions.”
CISA also found “indications of Volt Typhoon actors maintaining access and footholds within some victim IT environments for at least five years.”
In addition to vulnerable Fortinet devices, Volt Typhoon has been known to target Cisco and Netgear products.
Fortinet also noted on Wednesday that some of the attacks exploiting the FortiOS vulnerabilities may have been conducted by UNC757, a threat actor previously linked to Iran.
Related: Fortinet Patches Critical Vulnerabilities in FortiSIEM
Related: Fortinet Patches High-Severity Vulnerabilities in FortiOS, FortiProxy, FortiWeb Products
