APT41 Weaponizes FortiClient Vulnerability To Steal Credentials

APT41, a China-linked state-sponsored group, launched a July 2024 campaign exploiting unpatched FortiClient vulnerabilities to gather sensitive data. Known for creating malware like DeepData, DeepPost, and LightSpy, the group uses infected systems to collect and exfiltrate valuable information. It employs multiple servers to host malicious payloads and enhance its operations.