Stealth Malware Targets Fortinet Firewalls

June 23, 2025

The UK’s National Cyber Security Centre (NCSC) has issued a critical warning about a sophisticated new malware campaign. The threat, dubbed “UMBRELLA STAND,” specifically targets internet-facing Fortinet firewall devices. The malware is designed to establish long-term persistent access to compromised networks. It beacons to its servers over port 443 using fake TLS communications.
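A defender-side triage check for the fake TLS beaconing on port 443 described above, as an added example that is not code from this article or from the NCSC. The article does not give the beacon's wire format, so the heuristic here is an assumption: a genuine TLS session opens with a handshake record carrying a ClientHello, and a client stream that shows TLS record framing without that handshake deserves a closer look. The function names and sample payloads are constructed for illustration.

```python
import struct

TLS_TYPES = {20, 21, 22, 23}    # change_cipher_spec, alert, handshake, application_data
MAX_RECORD_LEN = 2**14 + 2048   # largest TLS 1.2 ciphertext record (RFC 5246)

def parse_records(payload: bytes):
    """Yield (content_type, body) for every complete TLS record in payload."""
    offset = 0
    while offset + 5 <= len(payload):
        ctype, major, minor, length = struct.unpack_from("!BBBH", payload, offset)
        if ctype not in TLS_TYPES or major != 3 or minor > 3 or length > MAX_RECORD_LEN:
            raise ValueError(f"invalid TLS record header at offset {offset}")
        body = payload[offset + 5 : offset + 5 + length]
        if len(body) < length:
            return  # truncated capture: stop at the last complete record
        yield ctype, body
        offset += 5 + length

def classify_client_stream(payload: bytes) -> str:
    """Classify the first client-to-server bytes of a port 443 session."""
    try:
        records = list(parse_records(payload))
    except ValueError:
        return "not-tls"
    if not records:
        return "incomplete"
    ctype, body = records[0]
    # A genuine session opens with a handshake record whose first message is ClientHello (1).
    if ctype == 22 and body[:1] == b"\x01":
        return "tls-handshake"
    return "tls-framing-without-handshake"

# Constructed sample payloads (not taken from any real capture or from the NCSC report).
_hello = b"\x01\x00\x00\x04\x03\x03\x00\x00"  # abbreviated ClientHello stub
SAMPLES = {
    "browser": b"\x16\x03\x01" + struct.pack("!H", len(_hello)) + _hello,
    "app-data-first": b"\x17\x03\x03\x00\x10" + bytes(16),
    "plain-http": b"GET / HTTP/1.1\r\n",
}

def triage(samples=SAMPLES):
    """Return the verdict for each named sample; alert on anything but tls-handshake."""
    return {name: classify_client_stream(data) for name, data in samples.items()}

if __name__ == "__main__":
    for name, verdict in triage().items():
        print(f"{name:16} {verdict}")
```

In practice the input would be the reassembled first client-to-server bytes of each outbound port 443 flow from a firewall's management or WAN interface, where any verdict other than `tls-handshake` is worth investigating.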

NCSC analysts found that UMBRELLA STAND has been deployed alongside a comprehensive toolkit of publicly available utilities.

Its modular architecture consists of multiple interconnected components, with a primary networking binary serving as the core module. The threat actors have demonstrated operational security awareness by implementing several string encryption techniques. They also use generic filenames that could plausibly exist on Linux systems to avoid immediate visual detection.

The impact of a successful UMBRELLA STAND infection extends far beyond simple network compromise. The malware gives its operators comprehensive, highly configurable remote shell execution capabilities. Beacon frequency can be adjusted at any time to suit current operational requirements. Shell commands can be executed through both the ash shell and BusyBox.

It even has built-in safety mechanisms that will automatically terminate its own long-running tasks after 900 seconds.

The most concerning aspect of this malware is its persistence mechanisms, which ensure continued system access. It takes a dual-pronged approach that manipulates the device’s boot process. The primary persistence method hooks the reboot functionality of the Fortinet operating system itself. This works together with an ldpreload technique that loads the malware’s library into new processes through configuration file modification. UMBRELLA STAND also abuses legitimate Fortinet security features to make the malware’s files invisible.

  • New Malware UMBRELLA STAND Silently Infiltrates Fortinet Network Devices