Chinese threat actors are turning security appliances into penetration pathways, forcing firewall maker Fortinet to again attempt to fend off hackers with a patch.

Researchers from Mandiant say suspected Beijing hackers it tracks as UNC3886 has been targeting chip-based firewall and virtualization boxes.

The group, it said in a Thursday blog post, exploited a now-patched path transversal zero-day vulnerability tracked as CVE-2022-41328 in the Fortinet operating system in order to gain persistence on FortiGate and FortiManager products. Such penetrations can give hackers years of interrupted access to internal networks.