Warning: DEEPDATA Malware Exploiting Unpatched Fortinet Flaw to Steal VPN Credentials
Nov 16, 2024 Vulnerability / VPN Security
A threat actor known as BrazenBamboo has exploited an unresolved security flaw in Fortinet’s FortiClient for Windows to extract VPN credentials as part of a modular framework called DEEPDATA . Volexity, which disclosed the findings Friday, said it identified the zero-day exploitation of the credential disclosure vulnerability in July 2024, describing BrazenBamboo as the developer behind DEEPDATA, DEEPPOST, and LightSpy . “DEEPDATA is a modular post-exploitation tool for the Windows operating system that is used to gather a wide range of information from target devices,” security researchers Callum Roxan, Charlie Gardner, and Paul Rascagneres said in a technical report. The malware first came to light earlier this week, when BlackBerry detailed the Windows-based surveillance framework as used by the China-linked APT41 threat actor to harvest data from WhatsApp, Telegram, Signal, WeChat, LINE, QQ, Skype, Microsoft Outlook, DingDing, Feishu, KeePass, as well as applic