FBI: APT hackers breached US local govt by exploiting Fortinet bugs (Security News, May 2021)
The Federal Bureau of Investigation says state-sponsored attackers breached the webserver of a U.S. municipal government after hacking a Fortinet appliance.
"As of at least May 2021, an APT actor group almost certainly exploited a Fortigate appliance to access a webserver hosting the domain for a U.S. municipal government," the FBI's Cyber Division said in a TLP:WHITE flash alert published today.
The FBI has also observed attackers associated with this ongoing APT malicious activity creating 'WADGUtilityAccount' and 'elie' accounts on compromised systems.
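The two account names above are the concrete, host-level indicator a defender can act on. The following is an added example (not part of the FBI alert or this article) that scans account-creation records for those names. The log formats are assumptions: a Linux `useradd` syslog line and a Windows Security event 4720 flattened to `key=value` text; the sample lines are constructed for the example.

```python
import re

# Account names the FBI flash alert associates with this activity (taken from the article).
SUSPECT_ACCOUNTS = {"WADGUtilityAccount", "elie"}

# Account-creation patterns. Both formats are assumptions for this example:
#  - Linux useradd syslog:        "useradd[2214]: new user: name=elie, UID=1003, ..."
#  - Windows event 4720 as text:  "EventID=4720 ... TargetUserName=WADGUtilityAccount"
PATTERNS = [
    ("linux_useradd", re.compile(r"useradd\[\d+\]: new user: name=(?P<name>[^,\s]+)")),
    ("windows_4720", re.compile(r"EventID=4720\b.*?\bTargetUserName=(?P<name>\S+)")),
]


def extract_account_creations(lines):
    """Return one record per account-creation event found in the given log lines."""
    events = []
    for lineno, line in enumerate(lines, 1):
        for source, pattern in PATTERNS:
            match = pattern.search(line)
            if match:
                events.append({"line": lineno, "source": source, "account": match.group("name")})
                break  # one event per line
    return events


def flag_suspect_accounts(lines, suspects=SUSPECT_ACCOUNTS):
    """Keep only creations of account names on the watch list (exact match, as published)."""
    return [e for e in extract_account_creations(lines) if e["account"] in suspects]


# Constructed sample log lines mixing benign and suspect account creations.
SAMPLE_LOG = [
    "May 11 02:14:07 web01 useradd[2210]: new user: name=deploy, UID=1002, GID=1002, home=/home/deploy, shell=/bin/bash",
    "May 11 02:14:33 web01 useradd[2214]: new user: name=elie, UID=1003, GID=1003, home=/home/elie, shell=/bin/bash",
    "May 11 02:15:01 web01 sshd[2301]: Accepted publickey for deploy from 10.0.0.5 port 51022",
    "2021-05-11T02:20:10Z host=APP02 EventID=4720 SubjectUserName=svc_backup TargetUserName=WADGUtilityAccount",
    "2021-05-11T02:21:44Z host=APP02 EventID=4720 SubjectUserName=admin TargetUserName=jdoe",
]

if __name__ == "__main__":
    for hit in flag_suspect_accounts(SAMPLE_LOG):
        print(f"line {hit['line']} [{hit['source']}]: suspect account created: {hit['account']}")
```

Matching on exact account names is deliberately narrow; it catches reuse of the published names but says nothing about renamed accounts, so it belongs alongside a broader review of every account created in the window of interest, not in place of it.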
"The APT actors are actively targeting a broad range of victims across multiple sectors, indicating the activity is focused on exploiting vulnerabilities rather than targeted at specific sectors," the FBI added.
The FBI and CISA also warned last month of state-sponsored hacking groups that had gained access to Fortinet appliances by exploiting the FortiOS vulnerabilities CVE-2018-13379, CVE-2020-12812, and CVE-2019-5591.
State-sponsored hackers have continuously targeted unpatched Fortinet servers over the years.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-08-14 | CVE-2019-5591 | Missing Authentication for Critical Function vulnerability in Fortinet FortiOS. A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server. | 6.5 |
2020-07-24 | CVE-2020-12812 | Improper Handling of Case Sensitivity vulnerability in Fortinet FortiOS. An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication (FortiToken) if they changed the case of their username. | 9.8 |
2019-06-04 | CVE-2018-13379 | Path Traversal vulnerability in Fortinet FortiOS and FortiProxy. An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via specially crafted HTTP resource requests. | 9.8 |
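The CVE-2020-12812 entry describes a bug class worth understanding on its own: a username is matched case-insensitively for the password step but looked up case-sensitively when deciding whether a second factor is required, so the two steps can disagree about who is logging in. The following added example is a generic model of that class and its fix; it is not FortiOS code and makes no claim about how FortiOS implements authentication. The user store, password hashes, token policy and fixed one-time code are all constructed for the example.

```python
import hashlib
import hmac

# Constructed user store: canonical usernames with salted password hashes.
def _hash(password, salt):
    return hashlib.sha256(salt + password.encode()).hexdigest()

USERS = {
    "alice": {"salt": b"s1", "pw_hash": _hash("correct horse", b"s1")},
    "bob":   {"salt": b"s2", "pw_hash": _hash("battery staple", b"s2")},
}

# Constructed second-factor policy, keyed by canonical username. Only alice is enrolled.
TOKEN_POLICY = {"alice": {"required": True, "otp": "123456"}}


def find_user_case_insensitive(username):
    """Directory-style lookup: returns (canonical_name, record) regardless of input casing."""
    for name, record in USERS.items():
        if name.lower() == username.lower():
            return name, record
    return None, None


def password_ok(record, password):
    return hmac.compare_digest(record["pw_hash"], _hash(password, record["salt"]))


def otp_ok(policy, otp):
    return otp is not None and hmac.compare_digest(policy["otp"], otp)


def login_vulnerable(username, password, otp=None):
    """Defective pattern: the password step tolerates any casing, but the
    second-factor lookup uses the username exactly as typed. 'Alice' passes
    the password check via the canonical record, then finds no token policy
    under 'Alice' and is treated as a user with no second factor."""
    _, record = find_user_case_insensitive(username)
    if record is None or not password_ok(record, password):
        return False
    policy = TOKEN_POLICY.get(username)  # case-sensitive, keyed on raw input
    if policy is None:
        return True  # no policy found -> treated as "no second factor required"
    return otp_ok(policy, otp)


def login_hardened(username, password, otp=None):
    """Fixed pattern: resolve the identity once, then make every later decision
    on the canonical name, and fail closed if the policy record is missing."""
    canonical, record = find_user_case_insensitive(username)
    if record is None or not password_ok(record, password):
        return False
    policy = TOKEN_POLICY.get(canonical)
    if policy is None:
        return False  # unknown enrolment state is a misconfiguration, not a free pass
    if policy["required"]:
        return otp_ok(policy, otp)
    return True


if __name__ == "__main__":
    print("vulnerable, 'alice' no OTP:", login_vulnerable("alice", "correct horse"))   # False
    print("vulnerable, 'Alice' no OTP:", login_vulnerable("Alice", "correct horse"))   # True: second factor skipped
    print("hardened,   'Alice' no OTP:", login_hardened("Alice", "correct horse"))     # False
    print("hardened,   'Alice' + OTP: ", login_hardened("Alice", "correct horse", "123456"))  # True
```

The check a reviewer wants in any multi-step authenticator is that identity is canonicalised exactly once and every subsequent policy decision keys on that canonical value; a second lookup on raw input is where this class of mismatch hides. Failing closed when no policy record exists also turns a missing enrolment into a visible error rather than a silent downgrade.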