1. Fortinet flaw zero-dayed by suspected nation-state actors: In October 2024, Fortinet disclosed a critical (CVSS 9.8/10) vulnerability, tracked as CVE-2024-47575, in its FortiManager platform. The flaw is a missing-authentication weakness in the FortiGate-to-FortiManager (FGFM) service: a remote, unauthenticated attacker holding a valid Fortinet device certificate can register a rogue device with the manager and go on to execute arbitrary code or commands. It was exploited in the wild as a zero-day; in observed intrusions the attackers exfiltrated files containing the IP addresses, credentials, and configurations of the managed FortiGate devices, and Fortinet reported no evidence of malware or backdoors being installed on the compromised managers. Until patches could be applied, Fortinet's workaround was to stop unknown devices from registering (`set fgfm-deny-unknown enable`) and to restrict which source addresses may reach the FGFM service (TCP 541). The activity has been treated as state-sponsored espionage; Chinese state-backed groups such as Volt Typhoon have exploited other Fortinet vulnerabilities for the same purpose.
2. Check Point bug enabled Iranian hacks: In late May 2024, Check Point disclosed CVE-2024-24919, a high-severity (CVSS 8.6/10) information-disclosure vulnerability in its Security Gateway software that affects gateways with the IPSec VPN or Mobile Access blades enabled. An unauthenticated attacker can use it to read sensitive files from the appliance, including the password hashes of local accounts, which can then be cracked offline and reused to log in over the VPN. CISA added the flaw to its Known Exploited Vulnerabilities catalog within days of disclosure, and in August 2024 CISA and the FBI warned that Iranian state-linked groups, including Pioneer Kitten and Peach Sandstorm, were exploiting it to gain initial access to victim networks through VPN appliances. Check Point's guidance accordingly went beyond installing the hotfix: rotate credentials on affected gateways and stop relying on password-only authentication for local VPN accounts.
3. Ivanti Connect Secure flaws abused by Chinese actors: Exploitation dating back to December 2023, and publicly disclosed in January 2024, chained two zero-day vulnerabilities in Ivanti's Connect Secure and Policy Secure gateways: CVE-2023-46805, an authentication bypass in the web component, and CVE-2024-21887, a command injection that on its own requires an authenticated administrator. Chained, the bypass lets an unauthenticated attacker reach the injectable endpoint, which yields unauthenticated remote code execution on the appliance. The attackers, attributed to a suspected Chinese state-sponsored actor, used the chain to steal configuration data, modify system files, plant web shells, and set up reverse tunnels from the compromised VPN appliances, then moved laterally into victim networks in sectors such as healthcare and manufacturing to reach intellectual property and other sensitive data. Ivanti initially published only a mitigation (an XML file imported into the appliance) while patches were still being developed, and because attackers were seen tampering with the appliances' built-in integrity checker, the advice from Ivanti and CISA was to run the external Integrity Checker Tool and to treat any device that failed it as compromised, resetting it before patching. The campaign highlighted the risk of unpatched, internet-facing enterprise appliances and the value of being able to verify their integrity independently of the device itself.