Old Fortinet Vulnerabilities Exploited by State-Sponsored Actors
THREAT LEVEL: Amber.
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have released a joint advisory warning that APT actors are gaining access to Fortinet VPN servers through ports 4443, 8443 and 10443. The state-sponsored actors are scanning for the vulnerabilities and gaining access to commercial, technology and government service networks.
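One way to look for the scanning described above in perimeter connection logs, as an added example that is not part of the original advisory. The log format, the thresholds and the sample addresses (documentation ranges) are assumptions made for the illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WATCHED_PORTS = {4443, 8443, 10443}  # ports named in the advisory
WINDOW = timedelta(minutes=10)       # assumed threshold, tune locally
MIN_TARGETS = 3                      # assumed: distinct (dst, port) pairs
# Constructed sample log, assumed format: "timestamp src dst dport action"
SAMPLE_LOG = """\
2021-04-02T10:00:01 198.51.100.7 203.0.113.10 4443 accept
2021-04-02T10:00:02 198.51.100.7 203.0.113.10 8443 deny
2021-04-02T10:00:03 198.51.100.7 203.0.113.11 10443 deny
2021-04-02T10:00:05 192.0.2.44 203.0.113.10 10443 accept
2021-04-02T10:00:09 not-a-valid-line
2021-04-02T10:04:00 198.51.100.7 203.0.113.12 10443 deny
2021-04-02T11:30:00 192.0.2.44 203.0.113.10 10443 accept
2021-04-02T11:31:00 198.51.100.9 203.0.113.10 443 accept
"""

def parse(line):
    """Return (ts, src, dst, dport) or None for malformed lines."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        return datetime.fromisoformat(parts[0]), parts[1], parts[2], int(parts[3])
    except ValueError:
        return None

def find_scanners(log_text, window=WINDOW, min_targets=MIN_TARGETS):
    """Map source IP -> most distinct (dst, port) targets seen in one window."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec and rec[3] in WATCHED_PORTS:
            events[rec[1]].append((rec[0], rec[2], rec[3]))
    flagged = {}
    for src, hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:  # slide window
                start += 1
            targets = {(d, p) for _, d, p in hits[start:end + 1]}
            if len(targets) >= min_targets:
                flagged[src] = max(len(targets), flagged.get(src, 0))
    return flagged

if __name__ == "__main__":
    print(find_scanners(SAMPLE_LOG))
```

A source that reconnects to a single VPN endpoint on one port, like 192.0.2.44 in the sample, is not flagged; only sources that sweep several watched ports or hosts inside the window are.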
Vulnerability Details

Threat Actors
Name: APT 5
Known as: KEYHOLE PANDA, comfoo
Origin: China
Targeted Sector: Defense, High-Tech, Industrial, Technology, Telecommunications, Aerospace
Targeted Location: United States and Southeast Asia

Name: MuddyWater
Known as: Seedworm, TEMP.Zagros, Static Kitten, NTSTATS, POWERSTATS, MERCURY
Origin: Iran
Targeted Sector: Defense, High-Tech, Industrial, Technology, Telecommunications, Aerospace
Targeted Location: Defense, Education, Food, Gaming, Government, IT, Media, NGOs, Oil and gas, Telecommunications, Academic, Transportation
PATCH LINKS
https://kb.fortinet.com/kb/documentLink.do?externalID=FD37033
http://www.securityfocus.com/bid/108693
References
https://fortiguard.com/advisory/FG-IR-19-037
https://fortiguard.com/psirt/FG-IR-19-283
https://fortiguard.com/advisory/FG-IR-18-384
https://nvd.nist.gov/vuln/detail/CVE-2018-13379
https://nvd.nist.gov/vuln/detail/CVE-2020-12812
https://nvd.nist.gov/vuln/detail/CVE-2019-5591
https://www.hackread.com/fbi-cisa-hackers-exploit-fortinet-vpn-vulnerabilities/
https://www.ic3.gov/Media/News/2021/210402.pdf
https://thecyberwire.com/newsletters/daily-briefing/10/64
https://therecord.media/us-says-apts-are-using-fortinet-bugs-to-gain-initial-access-for-future-attacks/