CINXE.COM

<!DOCTYPE html>      <html lang="en-US" class="no-js">  <meta charset="UTF-8"> <title>China Archives | Volexity</title> <meta name="HandheldFriendly" content="True"> <meta name="MobileOptimized" content="320"> <meta name="viewport" content="width=device-width, initial-scale=1"> <meta http-equiv="cleartype" content="on"> <meta name="twitter:card" content="summary_large_image"> <meta name="twitter:site" content="@Volexity"> <meta name="twitter:creator" content="@Volexity"> <meta name="twitter:title" content="BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA"> <meta name="twitter:description" content="KEY TAKEAWAYS Volexity discovered and reported a vulnerability in Fortinet's Windows VPN client, FortiClient, where user credentials remain in process memory after a user authenticates to the VPN. This vulnerability was abused by BrazenBamboo in their DEEPDATA malware. BrazenBamboo is the threat actor behind development of the LIGHTSPY malware family. LIGHTSPY variants have been discovered for all major operating systems, including iOS, and Volexity has recently discovered a new Windows variant. In July 2024, Volexity identified exploitation of a zero-day credential disclosure vulnerability in Fortinet’s Windows VPN client that allowed credentials to be stolen from the memory of the client’s process. This vulnerability was discovered while analyzing a recent sample of the DEEPDATA malware family. DEEPDATA is a modular post-exploitation tool for the Windows operating system that is used to gather a wide range of information from target devices. Analysis of the sample revealed a plugin that was designed to […]"> <meta name="twitter:image" content="https://www.volexity.com/wp-content/uploads/2024/11/Volexity-Blog-BrazenBamboo-Weaponizes-FortiClient-Vulnerability-to-Steal-VPN-Credentials-via-DEEPDATA.png"> <link rel="apple-touch-icon" sizes="180x180" href="https://www.volexity.com/wp-content/themes/volexity/apple-touch-icon.png"> <link rel="icon" type="image/png" href="https://www.volexity.com/wp-content/themes/volexity/favicon-32x32.png" sizes="32x32"> <link rel="icon" type="image/png" href="https://www.volexity.com/wp-content/themes/volexity/favicon-16x16.png" sizes="16x16"> <link rel="icon" type="image/png" href="https://www.volexity.com/wp-content/themes/volexity/favicon.ico"> <link rel="manifest" href="https://www.volexity.com/wp-content/themes/volexity/manifest.json"> <meta name="theme-color" content="#12BEF0"> <meta property="og:image" content="https://www.volexity.com/wp-content/uploads/2024/11/Volexity-Blog-BrazenBamboo-Weaponizes-FortiClient-Vulnerability-to-Steal-VPN-Credentials-via-DEEPDATA-300x157.png" />  <script async src="https://www.googletagmanager.com/gtag/js?id=G-WRSX85NK29"></script> <script> window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'G-WRSX85NK29'); </script> <meta name='robots' content='index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1' />  <link rel="canonical" href="https://www.volexity.com/blog/tag/china/" /> <meta property="og:locale" content="en_US" /> <meta property="og:type" content="article" /> <meta property="og:title" content="China Archives" /> <meta property="og:url" content="https://www.volexity.com/blog/tag/china/" /> <meta property="og:site_name" content="Volexity" /> <meta property="og:image" content="https://www.volexity.com/wp-content/uploads/2018/01/Volexity-Logo-Full-Stacked-2019-1000px.jpg" /> <meta property="og:image:width" content="1000" /> <meta property="og:image:height" content="1000" /> <meta property="og:image:type" content="image/jpeg" /> <script type="application/ld+json" class="yoast-schema-graph">{"@context":"https://schema.org","@graph":[{"@type":"CollectionPage","@id":"https://www.volexity.com/blog/tag/china/","url":"https://www.volexity.com/blog/tag/china/","name":"China Archives | Volexity","isPartOf":{"@id":"https://www.volexity.com/#website"},"primaryImageOfPage":{"@id":"https://www.volexity.com/blog/tag/china/#primaryimage"},"image":{"@id":"https://www.volexity.com/blog/tag/china/#primaryimage"},"thumbnailUrl":"https://www.volexity.com/wp-content/uploads/2024/11/Volexity-Blog-BrazenBamboo-Weaponizes-FortiClient-Vulnerability-to-Steal-VPN-Credentials-via-DEEPDATA.png","breadcrumb":{"@id":"https://www.volexity.com/blog/tag/china/#breadcrumb"},"inLanguage":"en-US"},{"@type":"ImageObject","inLanguage":"en-US","@id":"https://www.volexity.com/blog/tag/china/#primaryimage","url":"https://www.volexity.com/wp-content/uploads/2024/11/Volexity-Blog-BrazenBamboo-Weaponizes-FortiClient-Vulnerability-to-Steal-VPN-Credentials-via-DEEPDATA.png","contentUrl":"https://www.volexity.com/wp-content/uploads/2024/11/Volexity-Blog-BrazenBamboo-Weaponizes-FortiClient-Vulnerability-to-Steal-VPN-Credentials-via-DEEPDATA.png","width":2061,"height":1078,"caption":"Volexity Blog - BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA"},{"@type":"BreadcrumbList","@id":"https://www.volexity.com/blog/tag/china/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://www.volexity.com/"},{"@type":"ListItem","position":2,"name":"China"}]},{"@type":"WebSite","@id":"https://www.volexity.com/#website","url":"https://www.volexity.com/","name":"Volexity | Memory Forensics, Cybersecurity Threat Intelligence & Incident Response","description":"","publisher":{"@id":"https://www.volexity.com/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https://www.volexity.com/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https://www.volexity.com/#organization","name":"Volexity Inc.","alternateName":"Volexity - Forensic Memory Analysis","url":"https://www.volexity.com/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https://www.volexity.com/#/schema/logo/image/","url":"https://www.volexity.com/wp-content/uploads/2018/01/Volexity-Logo-Full-Stacked-2019-1000px.jpg","contentUrl":"https://www.volexity.com/wp-content/uploads/2018/01/Volexity-Logo-Full-Stacked-2019-1000px.jpg","width":1000,"height":1000,"caption":"Volexity Inc."},"image":{"@id":"https://www.volexity.com/#/schema/logo/image/"},"sameAs":["https://www.facebook.com/volexity/","https://x.com/Volexity","https://www.linkedin.com/company/volexity/","https://github.com/volexity","https://infosec.exchange/@volexity"]}]}</script>  <link rel='stylesheet' id='wp-block-library-css' href='https://www.volexity.com/wp-includes/css/dist/block-library/style.min.css?ver=6.6.2' type='text/css' media='all' /> <style id='classic-theme-styles-inline-css' type='text/css'> /*! This file is auto-generated */ .wp-block-button__link{color:#fff;background-color:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none} </style> <style id='global-styles-inline-css' type='text/css'> :root{--wp--preset--aspect-ratio--square: 1;--wp--preset--aspect-ratio--4-3: 4/3;--wp--preset--aspect-ratio--3-4: 3/4;--wp--preset--aspect-ratio--3-2: 3/2;--wp--preset--aspect-ratio--2-3: 2/3;--wp--preset--aspect-ratio--16-9: 16/9;--wp--preset--aspect-ratio--9-16: 9/16;--wp--preset--color--black: #000000;--wp--preset--color--cyan-bluish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--preset--color--light-green-cyan: #7bdcb5;--wp--preset--color--vivid-green-cyan: #00d084;--wp--preset--color--pale-cyan-blue: #8ed1fc;--wp--preset--color--vivid-cyan-blue: #0693e3;--wp--preset--color--vivid-purple: #9b51e0;--wp--preset--gradient--vivid-cyan-blue-to-vivid-purple: linear-gradient(135deg,rgba(6,147,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradient(135deg,rgba(252,185,0,1) 0%,rgba(255,105,0,1) 100%);--wp--preset--gradient--luminous-vivid-orange-to-vivid-red: linear-gradient(135deg,rgba(255,105,0,1) 0%,rgb(207,46,46) 100%);--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray: linear-gradient(135deg,rgb(238,238,238) 0%,rgb(169,184,195) 100%);--wp--preset--gradient--cool-to-warm-spectrum: linear-gradient(135deg,rgb(74,234,220) 0%,rgb(151,120,209) 20%,rgb(207,42,186) 40%,rgb(238,44,130) 60%,rgb(251,105,98) 80%,rgb(254,248,76) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--wp--preset--gradient--luminous-dusk: linear-gradient(135deg,rgb(255,203,112) 0%,rgb(199,81,192) 50%,rgb(65,88,208) 100%);--wp--preset--gradient--pale-ocean: linear-gradient(135deg,rgb(255,245,203) 0%,rgb(182,227,212) 50%,rgb(51,167,181) 100%);--wp--preset--gradient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-size--medium: 20px;--wp--preset--font-size--large: 36px;--wp--preset--font-size--x-large: 42px;--wp--preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5rem;--wp--preset--spacing--60: 2.25rem;--wp--preset--spacing--70: 3.38rem;--wp--preset--spacing--80: 5.06rem;--wp--preset--shadow--natural: 6px 6px 9px rgba(0, 0, 0, 0.2);--wp--preset--shadow--deep: 12px 12px 50px rgba(0, 0, 0, 0.4);--wp--preset--shadow--sharp: 6px 6px 0px rgba(0, 0, 0, 0.2);--wp--preset--shadow--outlined: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flex{display: flex;}.is-layout-flex{flex-wrap: wrap;align-items: center;}.is-layout-flex > :is(*, div){margin: 0;}body .is-layout-grid{display: grid;}.is-layout-grid > :is(*, div){margin: 0;}:where(.wp-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-color{color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-color{color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-color{color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-color{color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-color{color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-color{color: var(--wp--preset--color--vivid-purple) !important;}.has-black-background-color{background-color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-background-color{background-color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-background-color{background-color: var(--wp--preset--color--white) !important;}.has-pale-pink-background-color{background-color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-background-color{background-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-background-color{background-color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-background-color{background-color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-background-color{background-color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-background-color{background-color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-background-color{background-color: var(--wp--preset--color--vivid-purple) !important;}.has-black-border-color{border-color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-border-color{border-color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-border-color{border-color: var(--wp--preset--color--white) !important;}.has-pale-pink-border-color{border-color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-border-color{border-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-border-color{border-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-border-color{border-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-border-color{border-color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-border-color{border-color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-border-color{border-color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-border-color{border-color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-border-color{border-color: var(--wp--preset--color--vivid-purple) !important;}.has-vivid-cyan-blue-to-vivid-purple-gradient-background{background: var(--wp--preset--gradient--vivid-cyan-blue-to-vivid-purple) !important;}.has-light-green-cyan-to-vivid-green-cyan-gradient-background{background: var(--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan) !important;}.has-luminous-vivid-amber-to-luminous-vivid-orange-gradient-background{background: var(--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange) !important;}.has-luminous-vivid-orange-to-vivid-red-gradient-background{background: var(--wp--preset--gradient--luminous-vivid-orange-to-vivid-red) !important;}.has-very-light-gray-to-cyan-bluish-gray-gradient-background{background: var(--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray) !important;}.has-cool-to-warm-spectrum-gradient-background{background: var(--wp--preset--gradient--cool-to-warm-spectrum) !important;}.has-blush-light-purple-gradient-background{background: var(--wp--preset--gradient--blush-light-purple) !important;}.has-blush-bordeaux-gradient-background{background: var(--wp--preset--gradient--blush-bordeaux) !important;}.has-luminous-dusk-gradient-background{background: var(--wp--preset--gradient--luminous-dusk) !important;}.has-pale-ocean-gradient-background{background: var(--wp--preset--gradient--pale-ocean) !important;}.has-electric-grass-gradient-background{background: var(--wp--preset--gradient--electric-grass) !important;}.has-midnight-gradient-background{background: var(--wp--preset--gradient--midnight) !important;}.has-small-font-size{font-size: var(--wp--preset--font-size--small) !important;}.has-medium-font-size{font-size: var(--wp--preset--font-size--medium) !important;}.has-large-font-size{font-size: var(--wp--preset--font-size--large) !important;}.has-x-large-font-size{font-size: var(--wp--preset--font-size--x-large) !important;} :where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;} :where(.wp-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;} :root :where(.wp-block-pullquote){font-size: 1.5em;line-height: 1.6;} </style> <link rel='stylesheet' id='cookie-notice-front-css' href='https://www.volexity.com/wp-content/plugins/cookie-notice/css/front.min.css?ver=2.4.18' type='text/css' media='all' /> <link rel='stylesheet' id='main-style-css' href='https://www.volexity.com/wp-content/themes/volexity/dist/styles/styles.min.css?ver=6.6.2' type='text/css' media='screen, print' /> <script type="text/javascript" id="cookie-notice-front-js-before"> /* <![CDATA[ */ var cnArgs = {"ajaxUrl":"https:\/\/www.volexity.com\/wp-admin\/admin-ajax.php","nonce":"29bf1dd00d","hideEffect":"fade","position":"bottom","onScroll":false,"onScrollOffset":100,"onClick":false,"cookieName":"cookie_notice_accepted","cookieTime":2592000,"cookieTimeRejected":2592000,"globalCookie":false,"redirection":false,"cache":false,"revokeCookies":false,"revokeCookiesOpt":"automatic"}; /* ]]> */ </script> <script type="text/javascript" src="https://www.volexity.com/wp-content/plugins/cookie-notice/js/front.min.js?ver=2.4.18" id="cookie-notice-front-js"></script> <script type="text/javascript" src="https://www.volexity.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1" id="jquery-core-js"></script> <script type="text/javascript" src="https://www.volexity.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1" id="jquery-migrate-js"></script> <link rel="https://api.w.org/" href="https://www.volexity.com/wp-json/" /><link rel="alternate" title="JSON" type="application/json" href="https://www.volexity.com/wp-json/wp/v2/tags/42" /> <style type="text/css" id="wp-custom-css"> /* You can add your own CSS here. Click the help icon above to learn more. */ </style>  </head> <body class="archive tag tag-china tag-42 cookies-not-set ie ie7 windows"> <header class="header"> <div class="header-top-container"> <div class="container"> <ul id="menu-sub-left" class="header-sub-left"><li id="menu-item-2116" class="icon-triangle menu-item menu-item-type-post_type menu-item-object-page menu-item-2116"><a href="https://www.volexity.com/company/contact/demo-request/" class="icon-triangle">Request A Demo</a></li> </ul> <ul id="menu-sub-right" class="header-sub-right"><li id="menu-item-1213" class="icon-warning menu-item menu-item-type-post_type menu-item-object-page menu-item-1213"><a href="https://www.volexity.com/company/contact/breach-assistance/" class="icon-warning">Breach Assistance</a></li> </ul> </div> </div> <div class="header-container"> <div class="container"> <a class="header-logo" href="https://www.volexity.com"><img src="https://www.volexity.com/wp-content/themes/volexity/dist/images/logo.png" alt="Volexity"></a> <div class="header-menu"> <ul id="menu-main-navigation" class="header-menu-list"><li id="menu-item-376" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-has-children menu-item-376"><a href="https://www.volexity.com/products-overview/">Products</a> <ul class="sub-menu"> <li id="menu-item-48" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-48"><a href="https://www.volexity.com/products-overview/">Products Overview</a></li> <li id="menu-item-50" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-50"><a href="https://www.volexity.com/products-overview/volcano/">Volcano</a></li> <li id="menu-item-49" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-49"><a href="https://www.volexity.com/products-overview/surge/">Surge</a></li> </ul> </li> <li id="menu-item-377" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-has-children menu-item-377"><a href="https://www.volexity.com/services-overview/">Services</a> <ul class="sub-menu"> <li id="menu-item-55" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-55"><a href="https://www.volexity.com/services-overview/">Services Overview</a></li> <li id="menu-item-52" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-52"><a href="https://www.volexity.com/services-overview/incident-response/">Incident Response</a></li> <li id="menu-item-53" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-53"><a href="https://www.volexity.com/services-overview/network-security-monitoring/">Network Security Monitoring</a></li> <li id="menu-item-54" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-54"><a href="https://www.volexity.com/services-overview/proactive-threat-assessments/">Proactive Threat Assessments</a></li> <li id="menu-item-56" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-56"><a href="https://www.volexity.com/services-overview/threat-intelligence/">Threat Intelligence</a></li> <li id="menu-item-2394" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-2394"><a href="https://www.volexity.com/services-overview/mergers-acquisitions-cybersecurity-assessments/">M&A Cybersecurity Assessments</a></li> </ul> </li> <li id="menu-item-385" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-has-children menu-item-385"><a href="https://www.volexity.com/company/about/">Company</a> <ul class="sub-menu"> <li id="menu-item-41" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-41"><a href="https://www.volexity.com/company/about/">About</a></li> <li id="menu-item-43" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-43"><a href="https://www.volexity.com/company/news-press/">News & Press</a></li> <li id="menu-item-1849" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-1849"><a href="https://www.volexity.com/company/careers/">Careers</a></li> <li id="menu-item-1824" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-1824"><a href="https://www.volexity.com/company/internships/">Internships</a></li> <li id="menu-item-1718" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-1718"><a href="https://www.volexity.com/company/resources/">Resources</a></li> </ul> </li> <li id="menu-item-39" class="menu-item menu-item-type-post_type menu-item-object-page current_page_parent menu-item-39"><a href="https://www.volexity.com/blog/">Blog</a></li> <li id="menu-item-45" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-45"><a href="https://www.volexity.com/company/contact/">Contact</a></li> </ul> </div> <div class="mobile-menu--holder"> <div class="mobile-menu"></div> </div> </div> </div> </header> <div class="int-header "> <div class="container"> <section class="int-header-hold col-sm-12"> archive </section> </div> </div> <main class="main"> <div class="container"> <div class="row int"> <section class="col-sm-8"> <h4 class="archive-page-title section-header"> China </h4> <ol class="posts-list alm-reveal"> <li class="post-3346 post type-post status-publish format-standard has-post-thumbnail hentry category-threat-intelligence tag-apt tag-brazenbamboo tag-china tag-exploits tag-forticlient tag-fortinet tag-threat-intelligence authortax-callum-roxan authortax-charlie-gardner authortax-paul-rascagneres" id="post-3346" data-url="https://www.volexity.com/blog/2024/11/15/brazenbamboo-weaponizes-forticlient-vulnerability-to-steal-vpn-credentials-via-deepdata/" data-title="BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA"> <h2 class="post-title"><a href="https://www.volexity.com/blog/2024/11/15/brazenbamboo-weaponizes-forticlient-vulnerability-to-steal-vpn-credentials-via-deepdata/">BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA</a></h2> <p class="post-date">November 15, 2024</p> <p class="post-byline">by Callum Roxan, Charlie Gardner, Paul Rascagneres </p> <div class="post-content post-excerpt composition"><p>KEY TAKEAWAYS Volexity discovered and reported a vulnerability in Fortinet’s Windows VPN client, FortiClient, where user credentials remain in process memory after a user authenticates to the VPN. This vulnerability was abused by BrazenBamboo in their DEEPDATA malware. BrazenBamboo is the threat actor behind development of the LIGHTSPY malware family. LIGHTSPY variants have been discovered for all major operating systems, including iOS, and Volexity has recently discovered a new Windows variant. In July 2024, Volexity identified exploitation of a zero-day credential disclosure vulnerability in Fortinet’s Windows VPN client that allowed credentials to be stolen from the memory of the client’s process. This vulnerability was discovered while analyzing a recent sample of the DEEPDATA malware family. DEEPDATA is a modular post-exploitation tool for the Windows operating system that is used to gather a wide range of information from target devices. Analysis of the sample revealed a plugin that was designed to […]</p> </div> <div class="blog-cta-contain"> <a class="box-cta" href="https://www.volexity.com/blog/2024/11/15/brazenbamboo-weaponizes-forticlient-vulnerability-to-steal-vpn-credentials-via-deepdata/">Read More</a> </div> </li> <li class="post-3294 post type-post status-publish format-standard has-post-thumbnail hentry category-threat-intelligence tag-apt tag-china tag-dns-poisoning tag-gimmick tag-macma tag-reloadext tag-stormbamboo authortax-ankur-saini authortax-paul-rascagneres authortax-steven-adair authortax-tom-lancaster" id="post-3294" data-url="https://www.volexity.com/blog/2024/08/02/stormbamboo-compromises-isp-to-abuse-insecure-software-update-mechanisms/" data-title="StormBamboo Compromises ISP to Abuse Insecure Software Update Mechanisms"> <h2 class="post-title"><a href="https://www.volexity.com/blog/2024/08/02/stormbamboo-compromises-isp-to-abuse-insecure-software-update-mechanisms/">StormBamboo Compromises ISP to Abuse Insecure Software Update Mechanisms</a></h2> <p class="post-date">August 2, 2024</p> <p class="post-byline">by Ankur Saini, Paul Rascagneres, Steven Adair, Tom Lancaster </p> <div class="post-content post-excerpt composition"><p>KEY TAKEAWAYS StormBamboo successfully compromised an internet service provider (ISP) in order to poison DNS responses for target organizations. Insecure software update mechanisms were targeted to surreptitiously install malware on victim machines running macOS and Windows. Malware deployed by StormBamboo includes new variants of the MACMA malware. Analysis of the newest versions of MACMA shows converged development of the MACMA and GIMMICK malware families. Post-exploitation activity included deployment of the malicious browser extension RELOADEXT to exfiltrate victim mail data. In mid-2023, Volexity detected and responded to multiple incidents involving systems becoming infected with malware linked to StormBamboo (aka Evasive Panda, and previously tracked by Volexity under “StormCloud”). In those incidents, multiple malware families were found being deployed to macOS and Windows systems across the victim organizations’ networks. The infection vector for this malware was initially difficult to establish but later proved to be the result of a DNS poisoning attack […]</p> </div> <div class="blog-cta-contain"> <a class="box-cta" href="https://www.volexity.com/blog/2024/08/02/stormbamboo-compromises-isp-to-abuse-insecure-software-update-mechanisms/">Read More</a> </div> </li> <li class="post-3100 post type-post status-publish format-standard has-post-thumbnail hentry category-threat-intelligence tag-apt tag-backdoor tag-china tag-exploit tag-ivanti-connect-secure tag-pulsesecure tag-rce tag-vpn tag-webshell authortax-matthew-meltzer authortax-sean-koessel authortax-steven-adair" id="post-3100" data-url="https://www.volexity.com/blog/2024/01/18/ivanti-connect-secure-vpn-exploitation-new-observations/" data-title="Ivanti Connect Secure VPN Exploitation: New Observations"> <h2 class="post-title"><a href="https://www.volexity.com/blog/2024/01/18/ivanti-connect-secure-vpn-exploitation-new-observations/">Ivanti Connect Secure VPN Exploitation: New Observations</a></h2> <p class="post-date">January 18, 2024</p> <p class="post-byline">by Matthew Meltzer, Sean Koessel, Steven Adair </p> <div class="post-content post-excerpt composition"><p>On January 15, 2024, Volexity detailed widespread exploitation of Ivanti Connect Secure VPN vulnerabilities CVE-2024-21887 and CVE-2023-46805. In that blog post, Volexity detailed broader scanning and exploitation by threat actors using still non-public exploits to compromise numerous devices. The following day, January 16, 2024, proof-of-concept code for the exploit was made public. Subsequently, Volexity has observed an increase in attacks from various threat actors against Ivanti Connect Secure VPN appliances beginning the same day. Additionally, Volexity has continued its investigation into activity conducted by UTA0178 and made a few notable discoveries. The first relates to the GIFTEDVISITOR webshell that Volexity scanned for, which led to the initial discovery of over 1,700 compromised Ivanti Connect Secure VPN devices. On January 16, 2024, Volexity conducted a new scan for this backdoor and found an additional 368 compromised Ivanti Connect Secure VPN appliances, bringing the total count of systems infected by GIFTEDVISITOR to […]</p> </div> <div class="blog-cta-contain"> <a class="box-cta" href="https://www.volexity.com/blog/2024/01/18/ivanti-connect-secure-vpn-exploitation-new-observations/">Read More</a> </div> </li> <li class="post-3070 post type-post status-publish format-standard has-post-thumbnail hentry category-threat-intelligence tag-apt tag-backdoor tag-china tag-exploit tag-ivanti-connect-secure tag-pulsesecure tag-rce tag-vpn tag-webshell authortax-cem-gurkok authortax-paul-rascagneres authortax-sean-koessel authortax-steven-adair authortax-tom-lancaster" id="post-3070" data-url="https://www.volexity.com/blog/2024/01/15/ivanti-connect-secure-vpn-exploitation-goes-global/" data-title="Ivanti Connect Secure VPN Exploitation Goes Global"> <h2 class="post-title"><a href="https://www.volexity.com/blog/2024/01/15/ivanti-connect-secure-vpn-exploitation-goes-global/">Ivanti Connect Secure VPN Exploitation Goes Global</a></h2> <p class="post-date">January 15, 2024</p> <p class="post-byline">by Cem Gurkok, Paul Rascagneres, Sean Koessel, Steven Adair, Tom Lancaster </p> <div class="post-content post-excerpt composition"><p>Important: If your organization uses Ivanti Connect Secure VPN and you have not applied the mitigation, then please do that immediately! Organizations should immediately review the results of the built-in Integrity Check Tool for log entries indicating mismatched or new files. As of version 9.1R12, Ivanti started providing a built-in Integrity Checker Tool that can be run as a periodic or scheduled scan. Volexity has observed it successfully detecting the compromises described in this post across impacted organizations. Last week, Ivanti also released an updated version of the external Integrity Checker Tool that can be further used to check and verify systems. On January 10, 2024, Volexity publicly shared details of targeted attacks by UTA0178 exploiting two zero-day vulnerabilities (CVE-2024-21887 and CVE-2023-46805) in Ivanti Connect Secure (ICS) VPN appliances. On the same day, Ivanti published a mitigation that could be applied to ICS VPN appliances to prevent exploitation of these […]</p> </div> <div class="blog-cta-contain"> <a class="box-cta" href="https://www.volexity.com/blog/2024/01/15/ivanti-connect-secure-vpn-exploitation-goes-global/">Read More</a> </div> </li> <li class="post-2997 post type-post status-publish format-standard has-post-thumbnail hentry category-threat-intelligence tag-apt tag-china tag-exploit tag-ivanti-connect-secure tag-pulsesecure tag-rce tag-vpn tag-webshell authortax-matthew-meltzer authortax-robert-jan-mora authortax-sean-koessel authortax-steven-adair authortax-tom-lancaster" id="post-2997" data-url="https://www.volexity.com/blog/2024/01/10/active-exploitation-of-two-zero-day-vulnerabilities-in-ivanti-connect-secure-vpn/" data-title="Active Exploitation of Two Zero-Day Vulnerabilities in Ivanti Connect Secure VPN"> <h2 class="post-title"><a href="https://www.volexity.com/blog/2024/01/10/active-exploitation-of-two-zero-day-vulnerabilities-in-ivanti-connect-secure-vpn/">Active Exploitation of Two Zero-Day Vulnerabilities in Ivanti Connect Secure VPN</a></h2> <p class="post-date">January 10, 2024</p> <p class="post-byline">by Matthew Meltzer, Robert Jan Mora, Sean Koessel, Steven Adair, Tom Lancaster </p> <div class="post-content post-excerpt composition"><p>Volexity has uncovered active in-the-wild exploitation of two vulnerabilities allowing unauthenticated remote code execution in Ivanti Connect Secure VPN devices. An official security advisory and knowledge base article have been released by Ivanti that includes mitigation that should be applied immediately. However, a mitigation does not remedy a past or ongoing compromise. Systems should simultaneously be thoroughly analyzed per details in this post to look for signs of a breach. During the second week of December 2023, Volexity detected suspicious lateral movement on the network of one of its Network Security Monitoring service customers. Upon closer inspection, Volexity found that an attacker was placing webshells on multiple internal and external-facing web servers. These detections kicked off an incident response investigation across multiple systems that Volexity ultimately tracked back to the organization’s Internet-facing Ivanti Connect Secure (ICS) VPN appliance (formerly known as Pulse Connect Secure, or simply Pulse Secure). A closer inspection […]</p> </div> <div class="blog-cta-contain"> <a class="box-cta" href="https://www.volexity.com/blog/2024/01/10/active-exploitation-of-two-zero-day-vulnerabilities-in-ivanti-connect-secure-vpn/">Read More</a> </div> </li> <li class="post-2905 post type-post status-publish format-standard has-post-thumbnail hentry category-threat-intelligence tag-android tag-apt tag-china tag-evilbamboo tag-evileye tag-exploit tag-ios tag-ironsquirrel tag-jmask tag-malware tag-mobile tag-social-engineering tag-telegram authortax-callum-roxan authortax-paul-rascagneres authortax-tom-lancaster" id="post-2905" data-url="https://www.volexity.com/blog/2023/09/22/evilbamboo-targets-mobile-devices-in-multi-year-campaign/" data-title="EvilBamboo Targets Mobile Devices in Multi-year Campaign"> <h2 class="post-title"><a href="https://www.volexity.com/blog/2023/09/22/evilbamboo-targets-mobile-devices-in-multi-year-campaign/">EvilBamboo Targets Mobile Devices in Multi-year Campaign</a></h2> <p class="post-date">September 22, 2023</p> <p class="post-byline">by Callum Roxan, Paul Rascagneres, Tom Lancaster </p> <div class="post-content post-excerpt composition"><p>Volexity has identified several long-running and currently active campaigns undertaken by the threat actor Volexity tracks as EvilBamboo (formerly named Evil Eye) targeting Tibetan, Uyghur, and Taiwanese individuals and organizations. These targets represent three of the Five Poisonous Groups of Chinese Communist Party (CCP). Volexity has tracked the activities of EvilBamboo for more than five years and continues to observe new campaigns from this threat actor. In September 2019, Volexity described the deployment of a reconnaissance framework and custom Android malware targeting both the Uyghur and Tibetan communities. In April 2020, Volexity detailed attacks by this threat actor against iOS devices, using a Safari exploit to infect Uyghur users with custom iOS malware. Key highlights from Volexity’s recent investigations include the following: Android targeting: Development of three custom Android malware families, BADBAZAAR, BADSIGNAL, and BADSOLAR, to infect CCP adversaries is ongoing. Fake websites and social media profiles: The attacker has […]</p> </div> <div class="blog-cta-contain"> <a class="box-cta" href="https://www.volexity.com/blog/2023/09/22/evilbamboo-targets-mobile-devices-in-multi-year-campaign/">Read More</a> </div> </li> <li class="post-2521 post type-post status-publish format-standard has-post-thumbnail hentry category-threat-intelligence tag-apt tag-china tag-dfir tag-driftingcloud tag-exploit tag-sophos tag-threat-intelligence authortax-steven-adair authortax-tom-lancaster authortax-volexity-threat-research" id="post-2521" data-url="https://www.volexity.com/blog/2022/06/15/driftingcloud-zero-day-sophos-firewall-exploitation-and-an-insidious-breach/" data-title="DriftingCloud: Zero-Day Sophos Firewall Exploitation and an Insidious Breach"> <h2 class="post-title"><a href="https://www.volexity.com/blog/2022/06/15/driftingcloud-zero-day-sophos-firewall-exploitation-and-an-insidious-breach/">DriftingCloud: Zero-Day Sophos Firewall Exploitation and an Insidious Breach</a></h2> <p class="post-date">June 15, 2022</p> <p class="post-byline">by Steven Adair, Tom Lancaster, Volexity Threat Research </p> <div class="post-content post-excerpt composition"><p>Volexity frequently works with individuals and organizations heavily targeted by sophisticated, motivated, and well-equipped threat actors from around the world. Some of these individuals or organizations are attacked infrequently or on an irregular basis, while others see a barrage of attacks nearly every week. Regardless of the attack frequency, Volexity keeps its guard up, looking for new and old threats however they manifest themselves. Earlier this year, Volexity detected a sophisticated attack against a customer that is heavily targeted by multiple Chinese advanced persistent threat (APT) groups. This particular attack leveraged a zero-day exploit to compromise the customer’s firewall. Volexity observed the attacker implement an interesting webshell backdoor, create a secondary form of persistence, and ultimately launch attacks against the customer’s staff. These attacks aimed to further breach cloud-hosted web servers hosting the organization’s public-facing websites. This type of attack is rare and difficult to detect. This blog post serves […]</p> </div> <div class="blog-cta-contain"> <a class="box-cta" href="https://www.volexity.com/blog/2022/06/15/driftingcloud-zero-day-sophos-firewall-exploitation-and-an-insidious-breach/">Read More</a> </div> </li> <li class="post-1696 post type-post status-publish format-standard has-post-thumbnail hentry category-threat-intelligence tag-apt tag-china tag-digital-surveillance tag-ios-exploitation tag-ios-malware tag-uyghur authortax-andrew-case authortax-dave-lassalle authortax-matthew-meltzer authortax-sean-koessel authortax-steven-adair authortax-tom-lancaster" id="post-1696" data-url="https://www.volexity.com/blog/2020/04/21/evil-eye-threat-actor-resurfaces-with-ios-exploit-and-updated-implant/" data-title="Evil Eye Threat Actor Resurfaces with iOS Exploit and Updated Implant"> <h2 class="post-title"><a href="https://www.volexity.com/blog/2020/04/21/evil-eye-threat-actor-resurfaces-with-ios-exploit-and-updated-implant/">Evil Eye Threat Actor Resurfaces with iOS Exploit and Updated Implant</a></h2> <p class="post-date">April 21, 2020</p> <p class="post-byline">by Andrew Case, Dave Lassalle, Matthew Meltzer, Sean Koessel, Steven Adair, Tom Lancaster </p> <div class="post-content post-excerpt composition"><p>In September 2019, Volexity published Digital Crackdown: Large-Scale Surveillance and Exploitation of Uyghurs, which described a series of attacks against Uyghurs from multiple Chinese APT actors. The most notable threat actor detailed in the blog was one Volexity calls Evil Eye. The Evil Eye threat actor was observed launching an exploit aimed at installing a malware implant on Android phones. Volexity also believed this was likely the same group responsible for the launching exploits aimed at installing an iOS implant as described by Google’s Project Zero. Immediately after the publications from Google and Volexity, the Evil Eye threat actor went fairly quiet. They removed their malicious code from compromised websites, command and control (C2) servers were taken down, and various hostnames stopped resolving. This largely remained the case until early January 2020, when Volexity observed a series of new activity across multiple previously compromised Uyghur websites. In the latest activity […]</p> </div> <div class="blog-cta-contain"> <a class="box-cta" href="https://www.volexity.com/blog/2020/04/21/evil-eye-threat-actor-resurfaces-with-ios-exploit-and-updated-implant/">Read More</a> </div> </li> <li class="post-357 post type-post status-publish format-standard hentry category-threat-intelligence tag-apt tag-china tag-cisco tag-exploits tag-japan tag-scanbox tag-vpn authortax-volexity" id="post-357" data-url="https://www.volexity.com/blog/2015/10/07/virtual-private-keylogging-cisco-web-vpns-leveraged-for-access-and-persistence/" data-title="Virtual Private Keylogging: Cisco Web VPNs Leveraged for Access and Persistence"> <h2 class="post-title"><a href="https://www.volexity.com/blog/2015/10/07/virtual-private-keylogging-cisco-web-vpns-leveraged-for-access-and-persistence/">Virtual Private Keylogging: Cisco Web VPNs Leveraged for Access and Persistence</a></h2> <p class="post-date">October 7, 2015</p> <p class="post-byline">by Volexity </p> <div class="post-content post-excerpt composition"><p>In the world of information security, there is never a dull moment. Part of the fun of working in this space is that you always get to see attackers do something new or put a new spin on something old. Last month at the CERT-EU Conference in Brussels, Belgium, Volexity gave a presentation on a recent evolution in how attackers are maintaining persistence within victim networks. The method, which involves modifying the login pages to Cisco Clientless SSL VPNs (Web VPN), is both novel and surprisingly obvious at the same time. Attackers have been able to successfully implant JavaScript code on the login pages that enables them to surreptitiously steal employee credentials as they login to access internal corporate resources. Whether you are proactively monitoring your network or reactively undergoing an incident response, one of the last places you might examine for backdoors are your firewalls and VPN gateway appliances. […]</p> </div> <div class="blog-cta-contain"> <a class="box-cta" href="https://www.volexity.com/blog/2015/10/07/virtual-private-keylogging-cisco-web-vpns-leveraged-for-access-and-persistence/">Read More</a> </div> </li> <li class="post-356 post type-post status-publish format-standard hentry category-threat-intelligence tag-adobe-flash tag-apt tag-china tag-exploits tag-vulnerabilities authortax-volexity" id="post-356" data-url="https://www.volexity.com/blog/2015/07/08/158-2/" data-title="APT Group Wekby Leveraging Adobe Flash Exploit (CVE-2015-5119)"> <h2 class="post-title"><a href="https://www.volexity.com/blog/2015/07/08/158-2/">APT Group Wekby Leveraging Adobe Flash Exploit (CVE-2015-5119)</a></h2> <p class="post-date">July 8, 2015</p> <p class="post-byline">by Volexity </p> <div class="post-content post-excerpt composition"><p>As if the recent breach and subsequent public data dump involving the Italian company Hacking Team wasn’t bad enough, it all gets just a little bit worse. Emerging from the bowels of Hacking Team data dump was a Flash 0-day exploit (CVE-2015-5119) that was just patched today by Adobe as covered in APSB15-16. The exploit has since been added into the Angler Exploit Kit and integrated into Metasploit. However, not to be out done, APT attackers have also started leveraging the exploit in targeted spear phishing attacks as well. Before we start dishing the details, there is going to be one main takeaway from this blog post: If you haven’t already, update/patch your Adobe Flash now. Spear Phishing This morning, a well known APT threat group, often referred to as Wekby, kicked off a rather ironic spear phishing campaign. The attackers launched spoofed e-mail messages purporting to be from Adobe. […]</p> </div> <div class="blog-cta-contain"> <a class="box-cta" href="https://www.volexity.com/blog/2015/07/08/158-2/">Read More</a> </div> </li> </ol> <div class="pagination"> <div class="pagination-prev"></div> <div class="pagination-next"></div> </div> </section> <aside class="sidebar col-sm-4"> <ul class="widgets"> <li class="widget widget_search"><div class="widget-content"><form role="search" method="get" class="search-form" action="https://www.volexity.com/"> <label> <span class="screen-reader-text">Search for:</span> <input type="search" class="search-field" placeholder="SEARCH" value="" name="s" title="Search for:" /> </label> <input type="submit" class="search-submit" value="Search" /> </form></div></li> <li class="widget widget_recent_entries"><div class="widget-content"> <h4 class="widget-title">Recent Posts</h4> <ul> <li> <a href="https://www.volexity.com/blog/2024/11/22/the-nearest-neighbor-attack-how-a-russian-apt-weaponized-nearby-wi-fi-networks-for-covert-access/">The Nearest Neighbor Attack: How A Russian APT Weaponized Nearby Wi-Fi Networks for Covert Access</a> </li> <li> <a href="https://www.volexity.com/blog/2024/11/15/brazenbamboo-weaponizes-forticlient-vulnerability-to-steal-vpn-credentials-via-deepdata/">BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA</a> </li> <li> <a href="https://www.volexity.com/blog/2024/08/02/stormbamboo-compromises-isp-to-abuse-insecure-software-update-mechanisms/">StormBamboo Compromises ISP to Abuse Insecure Software Update Mechanisms</a> </li> <li> <a href="https://www.volexity.com/blog/2024/06/13/disgomoji-malware-used-to-target-indian-government/">DISGOMOJI Malware Used to Target Indian Government</a> </li> <li> <a href="https://www.volexity.com/blog/2024/05/15/detecting-compromise-of-cve-2024-3400-on-palo-alto-networks-globalprotect-devices/">Detecting Compromise of CVE-2024-3400 on Palo Alto Networks GlobalProtect Devices</a> </li> </ul> </div></li><li class="widget widget_archive"><div class="widget-content"><h4 class="widget-title">Archives</h4> <ul> <li><a href='https://www.volexity.com/blog/2024/11/'>November 2024</a></li> <li><a href='https://www.volexity.com/blog/2024/08/'>August 2024</a></li> <li><a href='https://www.volexity.com/blog/2024/06/'>June 2024</a></li> <li><a href='https://www.volexity.com/blog/2024/05/'>May 2024</a></li> <li><a href='https://www.volexity.com/blog/2024/04/'>April 2024</a></li> <li><a href='https://www.volexity.com/blog/2024/02/'>February 2024</a></li> <li><a href='https://www.volexity.com/blog/2024/01/'>January 2024</a></li> <li><a href='https://www.volexity.com/blog/2023/09/'>September 2023</a></li> <li><a href='https://www.volexity.com/blog/2023/06/'>June 2023</a></li> <li><a href='https://www.volexity.com/blog/2023/03/'>March 2023</a></li> <li><a href='https://www.volexity.com/blog/2022/12/'>December 2022</a></li> <li><a href='https://www.volexity.com/blog/2022/08/'>August 2022</a></li> <li><a href='https://www.volexity.com/blog/2022/07/'>July 2022</a></li> <li><a href='https://www.volexity.com/blog/2022/06/'>June 2022</a></li> <li><a href='https://www.volexity.com/blog/2022/03/'>March 2022</a></li> <li><a href='https://www.volexity.com/blog/2022/02/'>February 2022</a></li> <li><a href='https://www.volexity.com/blog/2021/12/'>December 2021</a></li> <li><a href='https://www.volexity.com/blog/2021/08/'>August 2021</a></li> <li><a href='https://www.volexity.com/blog/2021/05/'>May 2021</a></li> <li><a href='https://www.volexity.com/blog/2021/03/'>March 2021</a></li> <li><a href='https://www.volexity.com/blog/2020/12/'>December 2020</a></li> <li><a href='https://www.volexity.com/blog/2020/11/'>November 2020</a></li> <li><a href='https://www.volexity.com/blog/2020/04/'>April 2020</a></li> <li><a href='https://www.volexity.com/blog/2020/03/'>March 2020</a></li> <li><a href='https://www.volexity.com/blog/2019/09/'>September 2019</a></li> <li><a href='https://www.volexity.com/blog/2018/11/'>November 2018</a></li> <li><a href='https://www.volexity.com/blog/2018/09/'>September 2018</a></li> <li><a href='https://www.volexity.com/blog/2018/08/'>August 2018</a></li> <li><a href='https://www.volexity.com/blog/2018/07/'>July 2018</a></li> <li><a href='https://www.volexity.com/blog/2018/06/'>June 2018</a></li> <li><a href='https://www.volexity.com/blog/2018/04/'>April 2018</a></li> <li><a href='https://www.volexity.com/blog/2017/11/'>November 2017</a></li> <li><a href='https://www.volexity.com/blog/2017/07/'>July 2017</a></li> <li><a href='https://www.volexity.com/blog/2017/03/'>March 2017</a></li> <li><a href='https://www.volexity.com/blog/2016/11/'>November 2016</a></li> <li><a href='https://www.volexity.com/blog/2015/10/'>October 2015</a></li> <li><a href='https://www.volexity.com/blog/2015/07/'>July 2015</a></li> <li><a href='https://www.volexity.com/blog/2015/06/'>June 2015</a></li> <li><a href='https://www.volexity.com/blog/2015/04/'>April 2015</a></li> <li><a href='https://www.volexity.com/blog/2014/10/'>October 2014</a></li> <li><a href='https://www.volexity.com/blog/2014/09/'>September 2014</a></li> </ul> </div></li><li class="widget widget_categorizedtagcloudwidget"><div class="widget-content"><h4 class="widget-title">Tags</h4> <div id="categorized-tag-cloud"><span id="categorized-tag-cloud-el-1"><a href="https://www.volexity.com/blog/tag/spear-phishing/" class="tag-cloud-link tag-link-45 tag-link-position-1" style="font-size: 11.010101010101pt;" aria-label="spear phishing (4 items)">spear phishing</a></span> <span id="categorized-tag-cloud-el-2"><a href="https://www.volexity.com/blog/tag/exploits/" class="tag-cloud-link tag-link-33 tag-link-position-2" style="font-size: 15.151515151515pt;" aria-label="exploits (12 items)">exploits</a></span> <span id="categorized-tag-cloud-el-3"><a href="https://www.volexity.com/blog/tag/ivanti-connect-secure/" class="tag-cloud-link tag-link-173 tag-link-position-3" style="font-size: 11.010101010101pt;" aria-label="ivanti connect secure (4 items)">ivanti connect secure</a></span> <span id="categorized-tag-cloud-el-4"><a href="https://www.volexity.com/blog/tag/malware/" class="tag-cloud-link tag-link-106 tag-link-position-4" style="font-size: 11.818181818182pt;" aria-label="malware (5 items)">malware</a></span> <span id="categorized-tag-cloud-el-5"><a href="https://www.volexity.com/blog/tag/phishing/" class="tag-cloud-link tag-link-107 tag-link-position-5" style="font-size: 10pt;" aria-label="phishing (3 items)">phishing</a></span> <span id="categorized-tag-cloud-el-6"><a href="https://www.volexity.com/blog/tag/scanning/" class="tag-cloud-link tag-link-31 tag-link-position-6" style="font-size: 11.010101010101pt;" aria-label="Scanning (4 items)">Scanning</a></span> <span id="categorized-tag-cloud-el-7"><a href="https://www.volexity.com/blog/tag/vulnerabilities/" class="tag-cloud-link tag-link-34 tag-link-position-7" style="font-size: 11.010101010101pt;" aria-label="vulnerabilities (4 items)">vulnerabilities</a></span> <span id="categorized-tag-cloud-el-8"><a href="https://www.volexity.com/blog/tag/apt/" class="tag-cloud-link tag-link-35 tag-link-position-8" style="font-size: 20pt;" aria-label="APT (38 items)">APT</a></span> <span id="categorized-tag-cloud-el-9"><a href="https://www.volexity.com/blog/tag/volcano/" class="tag-cloud-link tag-link-148 tag-link-position-9" style="font-size: 10pt;" aria-label="volcano (3 items)">volcano</a></span> <span id="categorized-tag-cloud-el-10"><a href="https://www.volexity.com/blog/tag/china/" class="tag-cloud-link tag-link-42 tag-link-position-10" style="font-size: 14.444444444444pt;" aria-label="China (10 items)">China</a></span> <span id="categorized-tag-cloud-el-11"><a href="https://www.volexity.com/blog/tag/webshell/" class="tag-cloud-link tag-link-84 tag-link-position-11" style="font-size: 11.818181818182pt;" aria-label="webshell (5 items)">webshell</a></span> <span id="categorized-tag-cloud-el-12"><a href="https://www.volexity.com/blog/tag/rce/" class="tag-cloud-link tag-link-174 tag-link-position-12" style="font-size: 12.525252525253pt;" aria-label="RCE (6 items)">RCE</a></span> <span id="categorized-tag-cloud-el-13"><a href="https://www.volexity.com/blog/tag/exploit/" class="tag-cloud-link tag-link-87 tag-link-position-13" style="font-size: 15.555555555556pt;" aria-label="Exploit (13 items)">Exploit</a></span> <span id="categorized-tag-cloud-el-14"><a href="https://www.volexity.com/blog/tag/memory-forensics/" class="tag-cloud-link tag-link-65 tag-link-position-14" style="font-size: 11.818181818182pt;" aria-label="memory forensics (5 items)">memory forensics</a></span> <span id="categorized-tag-cloud-el-15"><a href="https://www.volexity.com/blog/tag/0day/" class="tag-cloud-link tag-link-131 tag-link-position-15" style="font-size: 11.818181818182pt;" aria-label="0day (5 items)">0day</a></span> <span id="categorized-tag-cloud-el-16"><a href="https://www.volexity.com/blog/tag/threat-intelligence/" class="tag-cloud-link tag-link-93 tag-link-position-16" style="font-size: 12.525252525253pt;" aria-label="Threat Intelligence (6 items)">Threat Intelligence</a></span> <span id="categorized-tag-cloud-el-17"><a href="https://www.volexity.com/blog/tag/vpn/" class="tag-cloud-link tag-link-24 tag-link-position-17" style="font-size: 11.818181818182pt;" aria-label="VPN (5 items)">VPN</a></span> <span id="categorized-tag-cloud-el-18"><a href="https://www.volexity.com/blog/tag/dfir/" class="tag-cloud-link tag-link-133 tag-link-position-18" style="font-size: 10pt;" aria-label="dfir (3 items)">dfir</a></span> <span id="categorized-tag-cloud-el-19"><a href="https://www.volexity.com/blog/tag/north-korea/" class="tag-cloud-link tag-link-117 tag-link-position-19" style="font-size: 11.818181818182pt;" aria-label="North Korea (5 items)">North Korea</a></span> <span id="categorized-tag-cloud-el-20"><a href="https://www.volexity.com/blog/tag/pulsesecure/" class="tag-cloud-link tag-link-172 tag-link-position-20" style="font-size: 11.010101010101pt;" aria-label="pulsesecure (4 items)">pulsesecure</a></span> </div> <style> #categorized-tag-cloud a, #categorized-tag-cloud a:visited { text-decoration:none; } #categorized-tag-cloud a:hover { text-decoration:none; color:#3b97d3; } #categorized-tag-cloud-el-1 a, #categorized-tag-cloud-el-1 a:visited { color:#555555; } #categorized-tag-cloud-el-2 a, #categorized-tag-cloud-el-2 a:visited { color:#555555; } #categorized-tag-cloud-el-3 a, #categorized-tag-cloud-el-3 a:visited { color:#555555; } #categorized-tag-cloud-el-4 a, #categorized-tag-cloud-el-4 a:visited { color:#555555; } #categorized-tag-cloud-el-5 a, #categorized-tag-cloud-el-5 a:visited { color:#555555; } #categorized-tag-cloud-el-6 a, #categorized-tag-cloud-el-6 a:visited { color:#555555; } #categorized-tag-cloud-el-7 a, #categorized-tag-cloud-el-7 a:visited { color:#555555; } #categorized-tag-cloud-el-8 a, #categorized-tag-cloud-el-8 a:visited { color:#555555; } #categorized-tag-cloud-el-9 a, #categorized-tag-cloud-el-9 a:visited { color:#555555; } #categorized-tag-cloud-el-10 a, #categorized-tag-cloud-el-10 a:visited { color:#555555; } #categorized-tag-cloud-el-11 a, #categorized-tag-cloud-el-11 a:visited { color:#555555; } #categorized-tag-cloud-el-12 a, #categorized-tag-cloud-el-12 a:visited { color:#555555; } #categorized-tag-cloud-el-13 a, #categorized-tag-cloud-el-13 a:visited { color:#555555; } #categorized-tag-cloud-el-14 a, #categorized-tag-cloud-el-14 a:visited { color:#555555; } #categorized-tag-cloud-el-15 a, #categorized-tag-cloud-el-15 a:visited { color:#555555; } #categorized-tag-cloud-el-16 a, #categorized-tag-cloud-el-16 a:visited { color:#555555; } #categorized-tag-cloud-el-17 a, #categorized-tag-cloud-el-17 a:visited { color:#555555; } #categorized-tag-cloud-el-18 a, #categorized-tag-cloud-el-18 a:visited { color:#555555; } #categorized-tag-cloud-el-19 a, #categorized-tag-cloud-el-19 a:visited { color:#555555; } #categorized-tag-cloud-el-20 a, #categorized-tag-cloud-el-20 a:visited { color:#555555; } </style></div></li> </ul> </aside> </div> </div> </main> <footer class="footer"> <div class="footer-container container"> <div class="footer-col-first col-md-3 no-padding"> <a class="footer-logo" href="https://www.volexity.com"><img src="https://www.volexity.com/wp-content/themes/volexity/dist/images/logo.png" alt="Volexity"></a> <address class="footer-copyright">© 2024 Volexity. All Rights Reserved.</address> </div> <ul id="menu-footer-menu" class="footer-menu-list col-md-4 col-xs-12"><li id="menu-item-57" class="nav-header menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-57"><a href="/company/about/">About</a> <ul class="sub-menu"> <li id="menu-item-59" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-59"><a href="https://www.volexity.com/company/about/">About Us</a></li> <li id="menu-item-58" class="menu-item menu-item-type-post_type menu-item-object-page current_page_parent menu-item-58"><a href="https://www.volexity.com/blog/">Blog</a></li> <li id="menu-item-395" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-395"><a href="https://www.volexity.com/privacy-policy/">Privacy Policy</a></li> </ul> </li> <li id="menu-item-60" class="nav-header menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-60"><a href="/solutions/">Solutions</a> <ul class="sub-menu"> <li id="menu-item-400" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-400"><a href="https://www.volexity.com/company/contact/">Request A Demo</a></li> <li id="menu-item-61" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-61"><a href="https://www.volexity.com/products-overview/">Products</a></li> <li id="menu-item-669" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-669"><a href="https://www.volexity.com/services-overview/">Services</a></li> </ul> </li> </ul> <div class="footer-address col-md-3 col-xs-12"> <p class="footer-header">Contact</p> <ul> <li class="footer-address--address icon-location-marker"> 11654 Plaza America Dr #774<br /> Reston, VA 20190-4700 </li> <li class="footer-address--phone icon-phone-mobile">1-888-825-1975</li> </ul> </div> <div class="footer-social col-md-2 no-padding"> <p class="footer-header">Connect</p> <ul> <li class="footer-social-holder"><a href="https://www.facebook.com/volexity" target="_blank" class="icon-facebook footer-social--link"></a></li> <li class="footer-social-holder"><a href="https://twitter.com/volexity" target="_blank" class="icon-twitter footer-social--link"></a></li> <li class="footer-social-holder"><a href="https://www.linkedin.com/company/volexity" target="_blank" class="icon-linkedin footer-social--link"></a></li> <li class="footer-social-holder"><a href="https://infosec.exchange/@volexity" target="_blank" class="fa-mastodon footer-social--link"></a></li> </ul> </div> </div> <div id="back-to-top" class="icon-slide-left"></div> <script type="text/javascript" id="main-js-extra"> /* <![CDATA[ */ var urls = {"base":"https:\/\/www.volexity.com","theme":"https:\/\/www.volexity.com\/wp-content\/themes\/volexity","ajax":"https:\/\/www.volexity.com\/wp-admin\/admin-ajax.php"}; var info = []; /* ]]> */ </script> <script type="text/javascript" src="https://www.volexity.com/wp-content/themes/volexity/dist/scripts/scripts.min.js?ver=6.6.2" id="main-js"></script>  <div id="cookie-notice" role="dialog" class="cookie-notice-hidden cookie-revoke-hidden cn-position-bottom" aria-label="Cookie Notice" style="background-color: rgba(0,0,0,1);"><div class="cookie-notice-container" style="color: #fff"><span id="cn-notice-text" class="cn-text-container">This Website uses cookies, which are necessary to its functioning and required to achieve the purposes illustrated in our <a href="/privacy-policy/#cookies">Cookie Policy</a>. By clicking the button, you consent to our use of cookies.</span><span id="cn-notice-buttons" class="cn-buttons-container"><a href="#" id="cn-accept-cookie" data-cookie-set="accept" class="cn-set-cookie cn-button cn-button-custom box-cta" aria-label="Agree & Close">Agree & Close</a></span><span id="cn-close-notice" data-cookie-set="accept" class="cn-close-icon" title="No"></span></div> </div> </footer></body> </html>