A suspected Chinese hacking group has been linked to the zero-day exploitation of a now-patched, medium-severity vulnerability in Fortinet's FortiOS operating system. The activity is part of a broader campaign to plant backdoors on Fortinet and VMware products and maintain persistent access to victim environments, according to threat intelligence firm Mandiant, which made the attribution. The Google-owned threat intelligence and incident response company tracks the activity under the uncategorized identifier UNC3886, which it describes as a China-nexus threat actor. "UNC3886 is an advanced cyber espionage group with unique capabilities in how they operate on-network as well as the tools they utilize in their campaigns," Mandiant researchers said in a technical analysis.

