A suspected Chinese hacking group has been linked to the zero-day exploitation of a now-patched medium-severity vulnerability in the Fortinet FortiOS operating system. Mandiant, the Google-owned threat intelligence and incident response company that made the attribution, tracks the malicious activity under the uncategorized identifier UNC3886, which it describes as a threat actor with a China link.
According to Mandiant, the activity cluster is part of a larger campaign to install backdoors on Fortinet and VMware products and maintain persistent access to target environments.