According to Mandiant, this malware family is attributed to actors with a potential Chinese background and is directly related to observed exploitation of Fortinet's SSL-VPN (CVE-2022-42475). There is also a Windows variant.
2023-01-20 ⋅ The Hacker News ⋅ Chinese Hackers Exploited Recent Fortinet Flaw as 0-Day to Drop Malware
2023-01-19 ⋅ Mandiant ⋅ Suspected Chinese Threat Actors Exploiting FortiOS Vulnerability (CVE-2022-42475)
There is no YARA signature yet.