China’s BrazenBamboo Strikes Again: DeepData Malware Exploits FortiClient VPN Flaw!

China-linked actor BrazenBamboo is exploiting a FortiClient VPN zero-day using their custom malware, DeepData. This vulnerability lets them steal user credentials and server details. Despite being reported in July, it’s still unresolved. Experts recommend restricting VPN access and monitoring for unusual login activity.

Hot Take:

Forget ‘Forti-fied’ security; with China-linked BrazenBamboo’s DEEPDATA malware, it looks like Fortinet’s VPN client is more like a ‘Forti-gotten’ bastion of safety. It’s a zero-day fiesta, and your credentials are the uninvited guests of honor!

Key Points:

  • BrazenBamboo exploits Fortinet VPN zero-day using DEEPDATA malware.
  • DEEPDATA is a modular post-exploitation tool for Windows systems.
  • User credentials are vulnerable post-authentication due to memory retention.
  • Volexity discovered and reported the flaw in July 2024, with no fix yet.
  • Recommendations include restricting VPN access and monitoring logins.
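The last recommendation, monitoring logins, is easy to state and harder to operationalise. The following is an added example (not code from the article, from Volexity or from Fortinet) of a baseline-deviation check over VPN authentication logs: it learns each user's known source IP/country pairs from a training window and then flags successful logins from a new origin, a success that directly follows a burst of failures, and one source address authenticating as several accounts. The log format and every sample line are constructed for illustration and are not FortiClient's or FortiGate's native format; a real deployment would map the vendor's fields onto the same `user`/`src`/`geo`/`result` tuple.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample log lines (assumed format, not a Fortinet log format):
# "<ISO-8601 UTC time> user=<name> src=<ip> geo=<country> result=<ok|fail>"
SAMPLE_LOGS = """\
2024-07-01T08:02:11Z user=alice src=203.0.113.10 geo=US result=ok
2024-07-01T08:05:40Z user=bob src=198.51.100.7 geo=US result=ok
2024-07-02T09:15:00Z user=alice src=203.0.113.10 geo=US result=ok
2024-07-03T03:44:12Z user=alice src=192.0.2.55 geo=CN result=ok
2024-07-03T03:45:02Z user=bob src=198.51.100.7 geo=US result=fail
2024-07-03T03:45:10Z user=bob src=198.51.100.7 geo=US result=fail
2024-07-03T03:45:19Z user=bob src=198.51.100.7 geo=US result=fail
2024-07-03T03:46:00Z user=bob src=192.0.2.55 geo=CN result=ok
"""

# Everything before this instant is treated as the "known good" baseline window.
CUTOFF = datetime(2024, 7, 3, tzinfo=timezone.utc)

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) "
    r"geo=(?P<geo>\S+) result=(?P<result>ok|fail)$"
)


def parse_log(text):
    """Parse the constructed log format into dicts; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(
            tzinfo=timezone.utc
        )
        events.append(ev)
    return events


def build_baseline(events, cutoff):
    """Per user, the set of (src, geo) pairs seen in successful logins before cutoff."""
    baseline = defaultdict(set)
    for ev in events:
        if ev["ts"] < cutoff and ev["result"] == "ok":
            baseline[ev["user"]].add((ev["src"], ev["geo"]))
    return baseline


def find_anomalies(events, cutoff, max_fails=3):
    """Return alerts for successful logins after cutoff that deviate from the baseline.

    Reasons attached to an alert:
      new_origin             - (src, geo) never seen for this user in the baseline
      success_after_failures - at least max_fails failed attempts preceded this success
      shared_source          - the same src authenticated as more than one account
    """
    baseline = build_baseline(events, cutoff)
    fails = defaultdict(int)          # consecutive failures per user since last success
    users_per_src = defaultdict(set)  # accounts that logged in from each source IP
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["ts"] < cutoff:
            continue
        user = ev["user"]
        if ev["result"] == "fail":
            fails[user] += 1
            continue
        reasons = []
        if (ev["src"], ev["geo"]) not in baseline.get(user, set()):
            reasons.append("new_origin")
        if fails[user] >= max_fails:
            reasons.append("success_after_failures")
        fails[user] = 0
        users_per_src[ev["src"]].add(user)
        if reasons:
            alerts.append({"ts": ev["ts"].isoformat(), "user": user,
                           "src": ev["src"], "geo": ev["geo"], "reasons": reasons})
    # Second pass: annotate alerts whose source IP was used by several accounts.
    for alert in alerts:
        if len(users_per_src[alert["src"]]) > 1:
            alert["reasons"].append("shared_source")
    return alerts


def run_demo():
    """Run the check over the constructed sample and return the alert list."""
    return find_anomalies(parse_log(SAMPLE_LOGS), CUTOFF)


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

The three signals are deliberately cheap to compute from fields any VPN gateway already logs, which is the point: credential theft from a client process shows up as a valid login from somewhere the user has never been, so the baseline, not the password check, is what catches it. Tune `max_fails` and the baseline window to the environment, and treat `shared_source` as the strongest of the three when it co-occurs with `new_origin`.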

The Nimble Nerd