April 18, 2025 By Tushar Subhra Dutta
A server briefly linked to the notorious KeyPlug malware has inadvertently exposed a comprehensive arsenal of exploitation tools specifically designed to target Fortinet firewall and VPN appliances.
The infrastructure, which security researchers have attributed to the RedGolf threat group (overlapping with APT41), was accessible for less than 24 hours before being secured, providing a rare glimpse into advanced persistent threat operations aimed at critical network infrastructure.
The exposed server at IP 45.77.34[.]88 revealed multiple exploit scripts targeting vulnerabilities in Fortinet devices, including what appear to be tools leveraging CVE-2024-23108 and CVE-2024-23109.