Mumbai: APT (Advanced Persistent Threat) actors are using multiple Fortinet FortiOS CVEs to access US networks, the US Federal agencies said.
The FBI (Federal Bureau of Investigation) and CISA (Cybersecurity and Infrastructure Security Agency) have observed APT actors scanning devices on ports 4443, 8443, and 10443 for CVE-2018-13379, and enumerating devices for CVE-2020-12812 and CVE-2019-5591.
Information gathered by these agencies indicates that APT actors are using multiple CVEs (Common Vulnerabilities and Exposures) in Fortinet FortiOS to attack multiple US networks.
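As an added illustration, not part of the advisory or this report, the following Python script reads constructed firewall connection log lines and flags any source that probes more than one of the three ports the agencies say are being scanned; the log format, field names and IP addresses are assumptions.

```python
"""Flag sources probing the FortiOS ports named in the FBI/CISA advisory.

Added example, not code from the advisory or from Fortinet. It assumes
firewall log lines of the form
  "<timestamp> src=<ip> dst=<ip> dport=<port> action=<allow|deny>".
"""
import re
from collections import defaultdict

ADVISORY_PORTS = {4443, 8443, 10443}  # ports the advisory says are being scanned

# Constructed sample log lines (documentation-range IPs, not real traffic).
SAMPLE_LOG = """\
2021-04-02T10:00:01Z src=203.0.113.7 dst=198.51.100.10 dport=4443 action=deny
2021-04-02T10:00:02Z src=203.0.113.7 dst=198.51.100.10 dport=8443 action=deny
2021-04-02T10:00:03Z src=203.0.113.7 dst=198.51.100.10 dport=10443 action=deny
2021-04-02T10:00:04Z src=192.0.2.44 dst=198.51.100.10 dport=443 action=allow
2021-04-02T10:00:05Z src=192.0.2.44 dst=198.51.100.10 dport=8443 action=allow
2021-04-02T10:00:06Z src=198.51.100.23 dst=198.51.100.10 dport=22 action=allow
"""

LINE_RE = re.compile(r"src=(?P<src>\S+) .*?dport=(?P<dport>\d+)")


def ports_by_source(log_text):
    """Map each source IP to the set of advisory ports it touched."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # skip lines that do not match the assumed format
        port = int(m.group("dport"))
        if port in ADVISORY_PORTS:
            seen[m.group("src")].add(port)
    return dict(seen)


def suspected_scanners(log_text, min_ports=2):
    """Return sources that probed at least `min_ports` distinct advisory ports."""
    return sorted(src for src, ports in ports_by_source(log_text).items()
                  if len(ports) >= min_ports)


if __name__ == "__main__":
    hits = ports_by_source(SAMPLE_LOG)
    for src in suspected_scanners(SAMPLE_LOG):
        print(f"possible FortiOS port scan from {src}: ports {sorted(hits[src])}")
```

A single hit on one of these ports is normal administrative traffic; the threshold on distinct ports is what separates the scanning pattern from routine use.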
FortiOS is the operating system of the cybersecurity company Fortinet. According to the company, FortiOS is the foundation of the Fortinet Security Fabric, consolidating many technologies and use cases into a simplified, single policy and management framework. Fortinet released the latest version, FortiOS 7.0, in February this year.
They believe the APT actors are likely exploiting these Fortinet FortiOS vulnerabilities—CVE-2018-13379, CVE-2020-12812 and CVE-2019-5591—to gain access to multiple government, commercial and technology services networks.
“It is likely that the APT actors are scanning for these vulnerabilities to gain access to multiple governments, commercial, and technology services networks,” the US Federal agencies said in their Joint Cybersecurity Advisory issued this month.
“APT actors have historically exploited critical vulnerabilities to conduct distributed denial-of-service (DDoS) attacks, ransomware attacks, structured query language (SQL) injection attacks, spearphishing campaigns, website defacements, and disinformation campaigns,” stated the report.
The report warned that the APT actors may be using any or all of these CVEs to gain access to key networks across multiple critical infrastructure sectors, as pre-positioning for follow-on data exfiltration or data encryption attacks.
APT actors may use other CVEs or common exploitation techniques—such as spearphishing—to gain access to critical infrastructure networks to pre-position for follow-on attacks.
Among many recommendations, the agencies advised organizations to immediately patch CVE-2018-13379, CVE-2020-12812, and CVE-2019-5591.
“If FortiOS is not used by your organisation, add key artefact files used by FortiOS to your organization’s execution denylist. Any attempts to install or run this program and its associated files should be prevented,” the advisory stated.
Fortinet was not immediately available for comment on this report.
This is likely the second recent incident of hackers exploiting vulnerabilities to target critical infrastructure and networks. Late in February this year, Microsoft mail server software suffered a major breach due to zero-day vulnerabilities.
Microsoft’s internal probe revealed that Hafnium, a China-based hacker group, had exploited those vulnerabilities to break into the mail server software.