
APTs targeting Fortinet, CISA and FBI warn

FBI Director Christopher Wray. (Photo by Mark Wilson/Getty Images)

The Cybersecurity and Infrastructure Security Agency (CISA) and FBI issued a joint advisory Friday warning that advanced persistent threat groups are scanning for vulnerable Fortinet products.

"It is likely that the APT actors are scanning for these vulnerabilities to gain access to multiple government, commercial, and technology services networks," reads the advisory.

The APTs, which CISA and the FBI did not identify, were looking for three vulnerabilities in FortiOS over the past two years – CVE-2018-13379, patched in May 2019, which affected various versions up to 6.0.4; CVE-2019-5591, patched in July 2019, which affected versions up to 6.2.0; and CVE-2020-12812, patched in July 2020, which affected versions up to 6.2.0 and version 6.4.0. The current version of FortiOS is version 7.0.

Per CISA and the FBI, the best mitigations for the vulnerabilities are patching and common cybersecurity hygiene techniques.

"The APT actors may be using any or all of these CVEs to gain access to networks across multiple critical infrastructure sectors to gain access to key networks as pre-positioning for follow-on data exfiltration or data encryption attacks. APT actors may use other CVEs or common exploitation techniques – such as spearphishing – to gain access to critical infrastructure networks to pre-position for follow-on attacks," reads the advisory.

Joe Uchill

Joe is a senior reporter at SC Weekly, focused on policy issues. He previously covered cybersecurity for Axios, The Hill and the Christian Science Monitor’s short-lived Passcode website.
