FBI Director Christopher Wray. (Photograph by Mark Wilson/Getty Photos)
The Cybersecurity and Infrastructure Security Agency (CISA) and FBI issued a joint advisory Friday that innovative persistant danger teams are scanning for susceptible Fortinet goods.
“It is probably that the APT actors are scanning for these vulnerabilities to get entry to various federal government, industrial, and technology services networks,” reads the advisory.
The APTs, which CISA and the FBI did not discover, were being looking for 3 vulnerabilities in FortiOS over the past two decades – CVE-2018-13379, patched in May possibly 2019, which afflicted various variations up to 6..4 CVE-2019-5591, patched in July 2019, which affected variations up to 6.2. and CVE-2020-12812, patched in July 2020, which impacted versions up to 6.2. and variation 6.4.. The latest variation of FortiOS is version 7..
Per CISA and the FBI, the most effective mitigations for the vulnerabilities are patching and common cybersecurity hygiene procedures.
“The APT actors could be employing any or all of these CVEs to acquire entry to networks throughout multiplecritical infrastructure sectors to obtain access to essential networks as pre-positioning for comply with-on dataexfiltration or data encryption attacks. APT actors may perhaps use other CVEs or prevalent exploitationtechniques – such as spearphishing – to get access to critical infrastructure networks to pre-positionfor follow-on attacks,” reads the advisory.
Some parts of this article are sourced from: