According to a report, the FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) have warned admins that attackers are exploiting vulnerabilities in Fortinet FortiOS. In March 2021, the FBI and CISA discovered advanced persistent threat (APT) attackers scanning devices on ports 4443, 8443, and 10443 for CVE-2018-13379 in FortiOS. They also observed the attackers scanning enumerated devices for CVE-2020-12812 and CVE-2019-5591. According to experts, the attackers are targeting government, commercial, and technical systems. “The APT actors may be using any or all of these CVEs to gain access to networks across multiple critical infrastructure sectors to gain access to key networks as pre-positioning for follow-on data exfiltration or data encryption attacks,” the full advisory states. APT groups have previously exploited high-severity vulnerabilities to carry out distributed denial-of-service attacks, ransomware campaigns, SQL injection attacks, spear-phishing campaigns, website defacements, and disinformation attacks, officials note.
The FortiOS advisory arrived after CISA issued further guidance on its emergency directive regarding the Microsoft Exchange Server vulnerabilities patched last month. According to the most recent update, federal departments and agencies are to run Microsoft’s new Test-ProxyLogon script and Safety Scanner tool to check whether they have been compromised. Fortinet followed up its release of a patch for CVE-2018-13379 with blog posts in August 2019 and July 2020 to provide more details and warn customers of active attacks by APT 29. “If customers have not done so, we urge them to immediately implement the upgrade and mitigations,” Fortinet says in a statement on today’s advisory.