The zero-day exploitation of a now-patched medium-severity security flaw in the Fortinet FortiOS operating system has been linked to a suspected Chinese hacking group.
Threat intelligence firm Mandiant, which made the attribution, said the activity cluster is part of a broader campaign designed to deploy backdoors onto Fortinet and VMware solutions and maintain persistent access to victim environments.
The Google-owned threat intelligence and incident response firm is tracking the malicious operation under its uncategorized moniker UNC3886, describing it as a China-nexus threat actor.