China’s BrazenBamboo Strikes Again: DeepData Malware Exploits FortiClient VPN Flaw!
China-linked actor BrazenBamboo is exploiting a FortiClient VPN zero-day using its custom malware, DEEPDATA. The vulnerability lets the actor steal user credentials and VPN server details. Despite being reported in July, it is still unresolved. Experts recommend restricting VPN access and monitoring for unusual login activity.

Hot Take:
Forget ‘Forti-fied’ security; with China-linked BrazenBamboo’s DEEPDATA malware, it looks like Fortinet’s VPN client is more like a ‘Forti-gotten’ bastion of safety. It’s a zero-day fiesta, and your credentials are the uninvited guests of honor!
Key Points:
- BrazenBamboo exploits Fortinet VPN zero-day using DEEPDATA malware.
- DEEPDATA is a modular post-exploitation tool for Windows systems.
- User credentials remain in FortiClient memory after authentication, so they can be recovered post-authentication.
- Volexity discovered and reported the flaw in July 2024, with no fix yet.
- Recommendations include restricting VPN access and monitoring logins.