McAfee Enterprise Defender Blog | CISA Alert: MS Exchange & Fortinet Vulnerabilities

Threat Summary

On November 17, 2021, The US Cybersecurity & Infrastructure Security Agency (CISA) pushed an Alert entitled “Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities” which you need to pay attention to if you use Microsoft Exchange or Fortinet appliances. It highlights one Microsoft Exchange CVE (Common Vulnerability & Exposure), three Fortinet CVEs and a list of malicious and legitimate tools associated with this activity.

Threat Intelligence Update from McAfee Enterprise

A few hours later our Advanced Threat Research (ATR) team published a new campaign in MVISION Insights under the name “Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities”. Immediately after, MVISION Insights started to provide near real-time statistics on the prevalence of the tools associated to this threat campaign by country and by sector.

Figure 1. MVISION Insights Global prevalence statistics for this campaign on Nov 19, 2021

In this blog I want to show you how you can operationalize the data linked to this alert in MVISION Insights together with your investigation and protection capabilities to better protect your organization against this threat.

Tracking New Campaigns and Threat Profiles, Including This Alert

MVISION Insights combines Campaigns and Threat Profiles in the same list, and you can change the order from “Last Detected” to “Last Added” as shown below.

Figure 2. List of MVISION Insights campaigns last added, with a selection of this campaign

On the left of figure 2, a color code shows you the severity assigne ..

Support the originator by clicking the read the rest link below.