FBI & CISA Warn of Active Attacks on FortiOS Vulnerabilities
A joint advisory warns admins of the likelihood of APT groups exploiting three vulnerabilities in Fortinet FortiOS.
The FBI and Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) today issued a joint advisory warning admins of active exploits targeting three vulnerabilities in Fortinet FortiOS.
In March 2021, the FBI and CISA observed advanced persistent threat (APT) attackers scanning devices on ports 4443, 8443, and 10443 for CVE-2018-13379 in FortiOS. They also noticed attackers scanning enumerated devices for CVE-2020-12812 and CVE-2019-5591. Officials believe attackers are attempting to access multiple government, commercial, and technology services networks.
“The APT actors may be using any or all of these CVEs to gain access to networks across multiple critical infrastructure sectors to gain access to key networks as pre-positioning for follow-on data exfiltration or data encryption attacks,” the full advisory states.
APT groups have historically exploited critical vulnerabilities to launch distributed denial-of-service attacks, ransomware campaigns, SQL injection attacks, spear-phishing campaigns, website defacements, and disinformation attacks, officials note.
The FortiOS advisory arrives two days after CISA issued further guidance on its emergency directive regarding the Microsoft Exchange Server vulnerabilities patched last month. Its latest update instructs federal departments and agencies to run Microsoft’s new Test-ProxyLogon.ps1 script and Safety Scanner tool to determine whether they have been compromised.
Read the CISA advisory for more information on the FortiOS exploits.
Dark Reading’s Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article.