
NCSC Unveils SHOE RACK Malware Targeting FortiGate Firewalls
The NCSC has revealed the existence of malware named SHOE RACK, which uses reverse SSH and DoH (DNS over HTTPS) to target FortiGate firewalls. The malware uses post-exploitation techniques to maintain persistent, hidden access to compromised systems. Reverse SSH lets attackers bypass traditional security measures by establishing outgoing connections from the target system. DoH masks malicious traffic by making it appear as legitimate DNS requests. The impacts include the compromise of networks protected by FortiGate firewalls, allowing attackers to maintain undetected access.
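A defender can hunt for both behaviours in flow or proxy logs. The sketch below is an added example, not code from the NCSC or Fortinet: it flags connections that originate from the firewall appliance itself and either carry an SSH identification string on any port or go to a well-known public DoH endpoint. The flow-record fields, the appliance address and the short DoH host list are assumptions.

```python
import ipaddress

# Assumption: addresses of the firewall appliances themselves (documentation range).
APPLIANCES = {ipaddress.ip_address("192.0.2.1")}
# Well-known public DoH endpoints; a short, non-exhaustive list.
DOH_HOSTS = {"cloudflare-dns.com", "dns.google", "dns.quad9.net"}

# Constructed sample flow records; first_bytes is the first payload seen on the flow.
SAMPLE_FLOWS = [
    {"src": "192.0.2.1", "dst": "198.51.100.7", "dport": 443,
     "sni": "", "first_bytes": b"SSH-2.0-client\r\n"},
    {"src": "192.0.2.1", "dst": "203.0.113.9", "dport": 443,
     "sni": "dns.google", "first_bytes": b"\x16\x03\x01"},
    {"src": "192.0.2.1", "dst": "203.0.113.20", "dport": 443,
     "sni": "updates.example.com", "first_bytes": b"\x16\x03\x01"},
    {"src": "10.0.0.5", "dst": "198.51.100.7", "dport": 22,
     "sni": "", "first_bytes": b"SSH-2.0-OpenSSH\r\n"},
]

def classify(flow):
    """Return the findings for one flow record (empty list if none)."""
    # Only traffic initiated by the appliance itself is in scope here.
    if ipaddress.ip_address(flow["src"]) not in APPLIANCES:
        return []
    findings = []
    # SSH sessions open with an "SSH-" identification string (RFC 4253),
    # so match on content rather than on destination port 22.
    if flow["first_bytes"].startswith(b"SSH-"):
        findings.append("outbound-ssh-from-appliance")
    # DoH is ordinary HTTPS on the wire; the TLS SNI is the visible indicator.
    if flow["sni"].lower().rstrip(".") in DOH_HOSTS:
        findings.append("doh-from-appliance")
    return findings

def scan(flows):
    """Return (src, dst, dport, finding) tuples for every flagged flow."""
    return [(f["src"], f["dst"], f["dport"], hit)
            for f in flows for hit in classify(f)]

if __name__ == "__main__":
    for row in scan(SAMPLE_FLOWS):
        print(row)
```

Matching on the SSH identification string rather than the port catches sessions moved to 443, and the SNI check only covers resolvers on the list, so it should be paired with an allowlist of destinations the appliance is expected to reach.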