avuko, If you work in #infosec I suggest you read the above, even if just to get a feel for what we are collectively up against. No fluffy or whitepaper stuff, I promise.
Then, if you have any device running #FortiOS anywhere, especially if the Chinese government might be interested in anything you do, dump a disk image of the device(s) (with a virtual device this would be easy, I haven't found info on how to do this from a device) and head over to https://github.com/JSCU-NL/COATHANGER to at least run the checks. There is also some live checking you could do; see the report.
Pass anything sufficiently suspicious by your DFIR team, and if the experts think it is "sus", report to your national CSIRT/CERT, or as per the request in the report to the NCSC of the Netherlands: https://english.ncsc.nl/contact.