NCSC Uncovers “UMBRELLA STAND” Malware: Stealthy Backdoor Targets Fortinet FortiGate Firewalls

A new malware campaign called UMBRELLA STAND has been discovered targeting Fortinet FortiGate 100D firewalls through stealthy backdoor access and encrypted channels. The campaign demonstrates advanced persistence techniques and evasion strategies, raising concerns about cyber-espionage against critical infrastructure. #UMBRELLASTAND #Fortinet #NCSC

Key points

  • UMBRELLA STAND exploits vulnerabilities to gain long-term access to target networks.
  • The malware operates within embedded devices and can execute shell commands and manipulate system behavior.
  • The threat uses fake TLS beacons over port 443 to disguise communications with its control servers.
  • Persistence is maintained through reboot hooking, dynamic linker hijacking, and process masquerading.
  • Indicators of compromise include a specific C2 IP address, hidden directories, and encrypted strings; detection is aided by released YARA rules.
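
One way to check for the fake TLS behaviour noted above, as an added example that is not taken from the NCSC report or the original article: a genuine TLS client stream on port 443 must open with a handshake record carrying a ClientHello, so a stream that opens with any other record type is only imitating TLS. The function names and both sample byte strings are constructed for illustration; the article does not give the beacon layout.

```python
import struct

# TLS record content types (RFC 5246 / RFC 8446).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
MAX_RECORD_LEN = 2**14 + 2048  # largest ciphertext fragment TLS 1.2 permits

# Constructed samples: an abbreviated ClientHello record, and a stream that
# opens directly with an application_data record (no handshake at all).
SAMPLE_REAL = bytes.fromhex("16030100050100000100")
SAMPLE_FAKE = bytes.fromhex("1703030004deadbeef")


def parse_records(stream: bytes):
    """Split reassembled client-to-server bytes into TLS records.

    Returns a list of (content_type, (major, minor), payload) tuples and
    raises ValueError on anything that is not a well-formed record.
    """
    records, offset = [], 0
    while offset < len(stream):
        if len(stream) - offset < 5:
            raise ValueError("truncated record header")
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, offset)
        if ctype not in CONTENT_TYPES:
            raise ValueError(f"unknown content type {ctype}")
        if major != 3 or minor > 4:
            raise ValueError(f"implausible record version {major}.{minor}")
        if length > MAX_RECORD_LEN:
            raise ValueError(f"implausible record length {length}")
        payload = stream[offset + 5 : offset + 5 + length]
        if len(payload) < length:
            raise ValueError("truncated record body")
        records.append((ctype, (major, minor), payload))
        offset += 5 + length
    return records


def classify_client_stream(stream: bytes) -> str:
    """Return 'tls', or a reason why the client side is not a real TLS session."""
    try:
        records = parse_records(stream)
    except ValueError as exc:
        return f"not-tls: {exc}"
    if not records:
        return "not-tls: empty stream"
    ctype, _, payload = records[0]
    if ctype != 22:
        return f"fake-tls: first record is {CONTENT_TYPES[ctype]}, not handshake"
    if not payload or payload[0] != 1:  # handshake message type 1 = ClientHello
        return "fake-tls: handshake record does not start with ClientHello"
    return "tls"
```

Feed it the first reassembled client-to-server bytes of each port 443 flow leaving the firewall's own management address; anything other than `tls` is worth triage alongside the released YARA rules.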

Read More: https://securityonline.info/ncsc-uncovers-umbrella-stand-malware-stealthy-backdoor-targets-fortinet-fortigate-firewalls/