THREAT OPS › Threat News › BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA
BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA
<p><!-- START MG ACF TO CONTENT --></p> <div style="display: none;"> <section class="mgpb-hero mgpb-hero--detail mgpb-hero--black mgpb-hero--background-image mgpb-hero--image"> <div class="mgpb-hero__image mgpb-hero__image--background"> <img alt="" class="attachment-16-9-large size-16-9-large" height="1080" src="https://www.volexity.com/wp-content/uploads/2024/11/Volexity-Blog-BrazenBamboo-Weap
Attributed threat actors
- Earth LuscaG1006
- APT41G0096
MITRE ATT&CK techniques
Indicators of compromise
- 666a4c569d435d0e6bf9fa4d337d1bf014952b42cc6d20e797db6c9df92dd724sha256
- f4e72145e761bcc8226353bb121eb8e549dc0000c6535bfa627795351037dc8esha256
- 20214e2e93b1bb37108aa1b8666f6406fabca8a0sha1
- 533297a7084039bf6bda702b752e6b82md5
- https://fortiguard.fortinet.com/psirt/FG-IR-23-278url
- https://www.threatfabric.com/blogs/lightspy-implant-for-iosurl
- https://blogs.blackberry.com/en/2024/11/lightspy-apt41-deploys-advanced-deepdata-framework-in-targeted-southern-asia-espionage-campaignurl
- https://www.zdnet.com/article/malware-authors-are-still-abusing-the-heavens-gate-technique/url
- https://www.lookout.com/threat-intelligence/article/wyrmspy-dragonegg-surveillanceware-apt41url
- https://www.threatfabric.com/blogs/lightspy-mapt-mobile-payment-system-attack#attributionurl
- https://www.justice.gov/opa/pr/seven-international-cyber-defendants-including-apt41-actors-charged-connection-computerurl
- https://www.threatfabric.com/blogs/lightspy-implant-for-macos#infrastructureurl
- https://www.threatfabric.com/blogs/lightspy-implant-for-macosurl
- https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/space-pirates-tools-and-connections/#id3-6url
- https://vuejs.org/url
- https://router.vuejs.org/guide/advanced/lazy-loading.htmlurl
- https://www.fbi.gov/wanted/cyber/apt-41-groupurl
- https://harfanglab.io/insidethelab/isoon-leak-analysis/url
- 103.27.109.217ipv4
- 103.27.108.207ipv4
- 121.201.109.98ipv4
- documents.trendmicro.comdomain
- wx.mail.comdomain
- jd.comdomain
- qunar.comdomain