FBI Shares IOCs for APT Attacks Exploiting Fortinet Vulnerabilities (Security News, May 2021)
The FBI on Thursday published indicators of compromise associated with the continued exploitation of Fortinet FortiOS vulnerabilities in attacks targeting commercial, government, and technology services networks.
In early April, the FBI, together with the Cybersecurity and Infrastructure Security Agency, warned that threat actors had been targeting serious security holes in Fortinet's flagship operating system, FortiOS, to gain initial access to victims' networks.
The targeted bugs include CVE-2018-13379, CVE-2020-12812, and CVE-2019-5591.
While initial activity only involved scanning for devices vulnerable to the FortiOS SSL VPN web portal flaw, as well as enumeration of devices potentially impacted by the other two bugs, the attackers have since moved to network compromise and additional malicious activity.
Network administrators should also look for other unrecognized accounts.
Administrators are also advised to take all the necessary measures to ensure the security of networks, including keeping systems patched and continuously updated, implementing network segmentation and multi-factor authentication, applying the principle of least privilege, keeping data backed up, employing malware detection tools, and periodically checking the environment for suspicious activity.
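The advice above to look for unrecognized accounts is easiest to act on when the check is scripted against a configuration backup. The following is an added example, not code from the FBI advisory or from Fortinet: it parses a `config system admin` block in the FortiOS CLI backup layout (config/edit/set/next/end) and flags accounts that are absent from an administrator-maintained baseline, as well as `super_admin` accounts with no `trusthost` restriction. The configuration text, the account names and the baseline are all constructed for illustration.

```python
"""Audit a FortiOS 'config system admin' block against an expected baseline.

Added example (not FortiOS or FBI code). The block below is constructed:
the config/edit/set/next/end layout follows the FortiOS CLI backup format,
but every account name, profile and host in it is made up.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Constructed sample in the shape of `show system admin` output.
SAMPLE_CONFIG = """\
config system admin
    edit "admin"
        set accprofile "super_admin"
        set trusthost1 10.10.0.0 255.255.255.0
    next
    edit "backup-ops"
        set accprofile "super_admin"
        set trusthost1 10.10.0.0 255.255.255.0
    next
    edit "svc_monitor"
        set accprofile "super_admin"
    next
end
"""

# Hypothetical baseline: the accounts the administrators know they created.
BASELINE: Set[str] = {"admin", "backup-ops"}


@dataclass
class AdminAccount:
    name: str
    settings: Dict[str, str] = field(default_factory=dict)

    def is_super_admin(self) -> bool:
        return self.settings.get("accprofile") == "super_admin"

    def has_trusted_hosts(self) -> bool:
        # Any trusthostN entry restricts where this admin may log in from.
        return any(key.startswith("trusthost") for key in self.settings)


_EDIT = re.compile(r'^\s*edit\s+"([^"]+)"\s*$')
_SET = re.compile(r"^\s*set\s+(\S+)\s+(.*?)\s*$")


def parse_system_admin(config: str) -> List[AdminAccount]:
    """Return the accounts defined inside the 'config system admin' section."""
    accounts: List[AdminAccount] = []
    current: Optional[AdminAccount] = None
    in_section = False
    for line in config.splitlines():
        stripped = line.strip()
        if stripped == "config system admin":
            in_section = True
            continue
        if not in_section:
            continue
        if stripped == "end":
            break  # section closed; ignore anything that follows
        m = _EDIT.match(line)
        if m:
            current = AdminAccount(m.group(1))
            accounts.append(current)
            continue
        if stripped == "next":
            current = None
            continue
        m = _SET.match(line)
        if m and current is not None:
            current.settings[m.group(1)] = m.group(2).strip('"')
    return accounts


def audit(config: str, baseline: Set[str]) -> Dict[str, List[str]]:
    """Flag accounts outside the baseline and super_admins open to any source host."""
    findings: Dict[str, List[str]] = {
        "unrecognized": [],
        "super_admin_without_trusthost": [],
    }
    for acct in parse_system_admin(config):
        if acct.name not in baseline:
            findings["unrecognized"].append(acct.name)
        if acct.is_super_admin() and not acct.has_trusted_hosts():
            findings["super_admin_without_trusthost"].append(acct.name)
    return findings


if __name__ == "__main__":
    for category, names in audit(SAMPLE_CONFIG, BASELINE).items():
        print(f"{category}: {names or 'none'}")
```

Run it against a real backup by replacing `SAMPLE_CONFIG` with the file contents and `BASELINE` with the account list from your change records; any name in `unrecognized` deserves the same scrutiny as the accounts named in the advisory's IOCs.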
Related vulnerabilities
DATE | CVE | TITLE | DESCRIPTION | RISK
---|---|---|---|---
2020-08-14 | CVE-2019-5591 | Missing Authentication for Critical Function vulnerability in Fortinet FortiOS | A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server. | 6.5
2020-07-24 | CVE-2020-12812 | Improper Handling of Case Sensitivity vulnerability in Fortinet FortiOS | An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication (FortiToken) if they changed the case of their username. | 9.8
2019-06-04 | CVE-2018-13379 | Path Traversal vulnerability in Fortinet FortiOS and FortiProxy | An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under the SSL VPN web portal allows an unauthenticated attacker to download system files via specially crafted HTTP resource requests. | 9.8
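The CVE-2020-12812 description above names the bug class (improper handling of case sensitivity) and its effect (the second factor is skipped when the username's case changes) but not the internal cause. The following is an added example, not Fortinet code and not a description of FortiOS internals: it is a hypothetical reconstruction of how such a mismatch arises in any login flow that normalizes the username for one lookup but not for another, placed beside a hardened version that canonicalizes once and fails closed. The user store, the `expected_otp` stand-in for a hardware token, and all credentials are constructed.

```python
"""Vulnerable vs. hardened handling of username case across two lookups.

Added example illustrating the CVE-2020-12812 bug class; it is a
hypothetical model, not FortiOS code. Credentials and token secrets below
are constructed for the demonstration.
"""
import hashlib
import hmac
from typing import Optional

_SALT = b"constructed-salt"  # fixed only so the example is deterministic


def _hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)


# Constructed stores: password hashes and, separately, second-factor
# enrollments. Both are keyed by the lower-case canonical username.
PASSWORDS = {"alice": _hash("correct horse battery staple")}
TOKENS = {"alice": "token-secret-alice"}  # stand-in for a FortiToken enrollment


def expected_otp(token_secret: str, counter: int = 0) -> str:
    """Stand-in for a hardware token: six digits derived from the secret (not real TOTP)."""
    digest = hmac.new(token_secret.encode(), counter.to_bytes(8, "big"), "sha1").digest()
    return f"{int.from_bytes(digest[-4:], 'big') % 1_000_000:06d}"


def verify_otp(token_secret: str, otp: Optional[str]) -> bool:
    return otp is not None and hmac.compare_digest(expected_otp(token_secret), otp)


def _check_password(canonical_name: str, password: str) -> bool:
    stored = PASSWORDS.get(canonical_name)
    return stored is not None and hmac.compare_digest(stored, _hash(password))


def login_vulnerable(username: str, password: str, otp: Optional[str]) -> bool:
    """Password lookup ignores case; the token lookup does not. That gap is the bug."""
    match = next((u for u in PASSWORDS if u.lower() == username.lower()), None)
    if match is None or not _check_password(match, password):
        return False
    token = TOKENS.get(username)  # BUG: raw username, so "Alice" finds no enrollment
    if token is None:
        return True  # BUG: "not enrolled" is treated as "MFA not required"
    return verify_otp(token, otp)


def login_hardened(username: str, password: str, otp: Optional[str]) -> bool:
    """Canonicalize once, use that name for every lookup, and fail closed."""
    canonical = username.strip().lower()
    if not _check_password(canonical, password):
        return False
    token = TOKENS.get(canonical)
    if token is None:
        return False  # MFA is mandatory here; a missing enrollment denies login
    return verify_otp(token, otp)


if __name__ == "__main__":
    pw = "correct horse battery staple"
    print("vulnerable, 'alice', no OTP:", login_vulnerable("alice", pw, None))
    print("vulnerable, 'Alice', no OTP:", login_vulnerable("Alice", pw, None))
    print("hardened,   'Alice', no OTP:", login_hardened("Alice", pw, None))
    print("hardened,   'Alice', OTP:   ", login_hardened("Alice", pw, expected_otp(TOKENS["alice"])))
```

Two defensive rules fall out of the comparison: derive a single canonical form of the identifier before the first lookup and never re-derive it, and treat "no second-factor enrollment found" as a denial whenever policy requires a second factor, so a lookup mismatch can only ever lock a user out rather than let one in.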