An alert from the Federal Bureau of Investigation (FBI) notes that a local government office was compromised through the abuse of a flaw in a Fortinet security solution a couple of weeks ago. The alert mentions that a group of threat actors carried out this attack against a FortiGate device in order to access the web server that hosted the affected government domain.
Although the investigative agency did not reveal exactly which local government was attacked, it is a confirmed fact that hackers exploited security flaws linked to Fortinet products.
After accessing the compromised systems, the threat actors managed to perform various malicious actions, including extracting sensitive data and encrypting files, among other attacks. The FBI mentions that these attacks appear to be aimed at specific organizations and industries.
Regarding the vulnerabilities exploited by hackers, the FBI points out that these flaws are related to FortiOS, the operating system present in Fortinet’s security solutions. FortiOS was created to optimize the operation of Fortinet’s products, although it seems that hackers have found a way to use it against the affected organizations.
In this regard, Fortinet released a statement mentioning: “This campaign could be related to the vulnerability tracked as CVE-2018-13379; we have communicated directly with customers and through corporate blog posts to share some safety recommendations.” The release also refers to CVE-2019-5591 and CVE-2020-12812, two security flaws addressed in previous updates that some administrators have not applied.
Security analyst Sean Nikkel mentioned that all the flaws listed in this alert were identified at least a year ago, which certainly shows that the update policy in many organizations needs to be improved: “It’s good to receive a reminder because not only legitimate users are aware of security updates, as threat actors are even more attentive to releasing updates to address potential security flaws.”