At a glance.
- Chinese threat actor deploys BOLDMOVE backdoor against FortiOS.
- Credential stuffing afflicts PayPal users.
- T-Mobile discloses a data breach.
- Cyberattack hits Nunavut utility.
- Wagner Group sponsors a hackathon.
- Gamaredon APT runs Telegraph phishing against Ukrainian targets.
- CISA releases one ICS advisory.
Chinese threat actor deploys BOLDMOVE backdoor against FortiOS.
A suspected Chinese threat actor is exploiting a recently patched critical flaw in Fortinet's FortiOS SSL-VPN (CVE-2022-42475), according to researchers at Mandiant. The threat actor began exploiting the vulnerability in October 2022, roughly two months before the flaw was disclosed publicly. Fortinet issued an advisory on December 12th rating the vulnerability as “critical,” noting that the company was “aware of an instance where this vulnerability was exploited in the wild.” Mandiant says the threat actor targeted “a European government entity and a managed service provider located in Africa.” The researchers discovered a new backdoor, dubbed “BOLDMOVE,” that is deployed on compromised devices after the vulnerability is exploited; the threat actor appears to be sophisticated and well-funded. For more on BOLDMOVE, see CyberWire Pro.