Fortinet FortiOS SSL-VPN Flaw Was Exploited to Infect Government Systems

Fortinet says that an unknown threat actor exploited a critical flaw in its FortiOS SSL-VPN to infect systems at government and government-related organizations. Fortinet released a fix for the heap-based buffer overflow vulnerability (CVE-2022-42475) late last year. FortiOS SSL-VPN version 7.2.8 was released at the end of November; Fortinet published an advisory on December 12. In a January 11 blog post, Fortinet “details [their] initial investigation into this malware and additional IoCs identified during … ongoing analysis.”

Reference: https://www.fortinet.com/blog/psirt-blogs/analysis-of-fg-ir-22-398-fortios-heap-based-buffer-overflow-in-sslvpnd