FBI Issues Fortinet Flash Warning


The United States Federal Bureau of Investigation issued a flash warning Thursday over the exploitation of Fortinet vulnerabilities by advanced persistent threat (APT) groups.





According to the FBI, an APT actor group has "almost certainly" been exploiting a FortiGate appliance since at least May 2021 to access a web server hosting the domain for a US municipal government.





The APT actors may have established new user accounts on domain controllers, servers, workstations, and the active directories to help them carry out malicious activity on the network. 





"Some of these accounts appear to have been created to look similar to other existing accounts on the network, so specific account names may vary per organization," said the FBI. However, the Feds warned organizations to be on the lookout for accounts created with the usernames "elie" or "WADGUtilityAccount."

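One way to hunt for the accounts described above, as an added example that is not code from the FBI alert or from this article: it reviews account-creation events (Windows Security event ID 4720) for the two usernames named in the flash and for new names that closely resemble an existing account. The CSV layout, host names, events and baseline account list are constructed for illustration.

```python
import csv
import io

# Usernames named in the FBI flash (compared case-insensitively).
IOC_NAMES = {"elie", "wadgutilityaccount"}

# Constructed sample: account events exported to CSV. 4720 is the Windows
# Security event ID for "a user account was created".
SAMPLE_EVENTS = """timestamp,host,event_id,account
2021-06-01T02:14:07Z,DC01,4720,WADGUtilityAccount
2021-06-01T02:16:41Z,WEB02,4720,elie
2021-06-02T09:30:12Z,DC01,4720,svc_bakcup
2021-06-02T10:02:55Z,DC01,4720,jmartinez
2021-06-02T10:05:00Z,DC01,4624,Administrator
"""
# Constructed baseline of accounts that legitimately exist on the network.
BASELINE = ["Administrator", "Guest", "WDAGUtilityAccount", "svc_backup", "jsmith"]

def osa_distance(a, b):
    """Edit distance in which swapping two adjacent characters costs 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def review_new_accounts(events_csv, baseline):
    """Return [(account, host, [reasons])] for creation events needing review."""
    known = {n.lower() for n in baseline}
    findings = []
    for row in csv.DictReader(io.StringIO(events_csv)):
        if row["event_id"] != "4720":
            continue
        name = row["account"].lower()
        reasons = ["named in FBI flash"] if name in IOC_NAMES else []
        limit = 1 if len(name) < 8 else 2  # short names match too easily
        reasons += [f"resembles {k}" for k in sorted(known)
                    if k != name and osa_distance(name, k) <= limit]
        if reasons:
            findings.append((row["account"], row["host"], reasons))
    return findings

if __name__ == "__main__":
    for account, host, reasons in review_new_accounts(SAMPLE_EVENTS, BASELINE):
        print(f"{host}: {account}: {'; '.join(reasons)}")
```

Because the FBI notes that account names may vary per organization, the look-alike check against a local baseline matters more than the two fixed names.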




Once inside a network, the APT actors can conduct data exfiltration, data encryption, or other malicious activity.





The alert comes just one month after the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) warned that APT actors had gained access to devices on ports 4443, 8443, and 10443 for Fortinet FortiOS CVE-2018-13379, and enumerated devices for FortiOS CVE-2020-12812 and FortiOS CVE-2019-5591.





The cyber-criminal activity appears to be focused on exploiting particular vulnerabilities rather than specific sectors, as the APT actors have been observed actively targeting a broad range of victims across multiple industries.





"The fact that we continue to see these legacy vulnerabilities being exploited in spite ..
