"FortiOS Flaw Was Exploited to Compromise Governmental Targets (CVE-2022-42475)"

A critical vulnerability in FortiOS SSL-VPN, tracked as CVE-2022-42475, for which Fortinet released updates in November 2022, has been exploited by attackers to compromise government or government-related targets, according to the company. Fortinet says the attackers possess advanced capabilities: they were able to reverse-engineer several FortiOS components to help build the exploit, and they used a Linux-based implant specifically designed to run on FortiOS. The company also noted that the malware can modify log files to evade detection. It looks for elog files, which are logs of FortiOS events. After decompressing them in memory, it searches for a string specified by the attacker, deletes it, and reassembles the logs. The malware can also terminate logging activities. This article continues to discuss the FortiOS vulnerability used to compromise governmental or government-related targets.

Help Net Security reports "FortiOS Flaw Was Exploited to Compromise Governmental Targets (CVE-2022-42475)"
