Fortinet Flaw Exploited to Drop BOLDMOVE Backdoor
Mandiant suspects that Chinese hackers may have abused the FortiOS SSL-VPN flaw to target a European government and an African MSP with BOLDMOVE, malware for Linux and Windows. The flaw, CVE-2022-42475, has since been patched, but the hackers exploited it in FortiOS as a zero-day. The exploitation occurred as early as October 2022, and the patch was out in December.