The Cybersecurity and Infrastructure Security Agency (CISA) and FBI issued a joint advisory Friday that advanced persistant threat groups are scanning for vulnerable Fortinet products.
"It is likely that the APT actors are scanning for these vulnerabilities to gain access to multiple government, commercial, and technology services networks," reads the advisory.
The APTs, which CISA and the FBI did not identify, were looking for three vulnerabilities in FortiOS over the past two years – CVE-2018-13379, patched in May 2019, which affected various versions up to 6.0.4; CVE-2019-5591, patched in July 2019, which affected versions up to 6.2.0; and CVE-2020-12812, patched in July 2020, which affected versions up to 6.2.0 and version 6.4.0. The current version of FortiOS is version 7.0.
Per CISA and the FBI, the best mitigations for the vulnerabilities are patching and common cybersecurity hygiene techniques.
"The APT actors may be using any or all of these CVEs to gain access to networks across multiple critical infrastructure sectors to gain access to key networks as pre-positioning for follow-on data exfiltration or data encryption attacks. APT actors may use other CVEs or common exploitation techniques – such as spearphishing – to gain access to critical infrastructure networks to pre-position for follow-on attacks," reads the advisory.