FBI: Still Successful Attacks Through Old Fortinet FortiOS Vulnerability

Organizations are still being compromised through old vulnerabilities in Fortinet FortiOS, the FBI warns. The US investigative agency reports that a successful attack on a US city took place this month, in which the attackers gained access to the city's web server via a vulnerable Fortigate appliance.

In the observed attacks, the attackers take advantage of known vulnerabilities in FortiOS, such as CVE-2018-13379, CVE-2020-12812 and CVE-2019-5591, for which security updates have been available for a long time. After a successful attack, new user accounts are created on domain controllers, servers, workstations and in Active Directory. These accounts include ones named "elie" and "WADGUtilityAccount".

Furthermore, the attackers use tools such as WinRAR, FileZilla and BitLocker to compress and encrypt data and then send it to a server via FTP. The FTP traffic goes over port 443. The attackers also create all kinds of tasks. To prevent the attacks, the FBI advises, among other things, patching the three vulnerabilities mentioned above immediately.
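Two of the indicators above lend themselves to simple detection logic: FTP sessions carried on port 443 (which a TLS-expecting sensor would otherwise wave through) and the creation of the named accounts. The following is an added example, not code from the article or from the FBI flash; the flow records and Windows 4720 event lines are constructed, and the "first bytes per direction" field is assumed to come from whatever flow sensor you use.

```python
import re
from dataclasses import dataclass

# Account names the article associates with this activity (compared case-insensitively).
SUSPICIOUS_ACCOUNTS = {"elie", "wadgutilityaccount"}

@dataclass
class Flow:
    src: str
    dst: str
    dport: int
    client_first: bytes  # first payload bytes sent by the client (assumed sensor field)
    server_first: bytes  # first payload bytes sent by the server (assumed sensor field)

def looks_like_tls(payload: bytes) -> bool:
    # Heuristic: a TLS record starts with content type 0x16 (handshake) and major version 0x03.
    return len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03

FTP_BANNER = re.compile(rb"^\d{3}[ -]")            # e.g. "220 ..." greeting from the server
FTP_CMD = re.compile(rb"^(USER|PASS|STOR|RETR|PASV|PORT|TYPE|CWD|LIST)\b", re.I)

def flag_ftp_on_443(flow: Flow) -> bool:
    """True when a port-443 flow carries FTP rather than TLS (protocol/port mismatch)."""
    if flow.dport != 443 or looks_like_tls(flow.client_first):
        return False
    return bool(FTP_BANNER.match(flow.server_first) or FTP_CMD.match(flow.client_first))

# Windows Security events flattened to one line each (constructed sample format).
EVENT_RE = re.compile(r"EventID=(?P<id>\d+).*?TargetUserName=(?P<user>\S+)")

def flag_account_creations(lines):
    """Return account names from 4720 (user created) events that match the known indicators."""
    hits = []
    for line in lines:
        m = EVENT_RE.search(line)
        if m and m.group("id") == "4720" and m.group("user").lower() in SUSPICIOUS_ACCOUNTS:
            hits.append(m.group("user"))
    return hits

SAMPLE_FLOWS = [  # constructed
    Flow("10.0.0.5", "203.0.113.7", 443, b"\x16\x03\x01\x00\xc8\x01\x00\x00", b"\x16\x03\x03\x00\x5a\x02"),
    Flow("10.0.0.9", "203.0.113.8", 443, b"USER backup\r\n", b"220 (vsFTPd 3.0.3)\r\n"),
    Flow("10.0.0.9", "203.0.113.8", 21, b"USER backup\r\n", b"220 FTP ready\r\n"),
]
SAMPLE_EVENTS = [  # constructed
    "EventID=4720 Computer=DC01 SubjectUserName=admin TargetUserName=elie",
    "EventID=4720 Computer=WS17 SubjectUserName=admin TargetUserName=WADGUtilityAccount",
    "EventID=4726 Computer=DC01 SubjectUserName=admin TargetUserName=elie",
    "EventID=4720 Computer=DC01 SubjectUserName=admin TargetUserName=svc_backup",
]

if __name__ == "__main__":
    print([f.dst for f in SAMPLE_FLOWS if flag_ftp_on_443(f)], flag_account_creations(SAMPLE_EVENTS))
```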
