The FBI announced that a virtual appliance from Fortinet, a company that develops and provides integrated threat management products to efficiently and comprehensively protect computer networks from threats such as viruses and hacking, was hacked, leading to the compromise of a web server operated by a U.S. municipality.
On May 27 (local time), the FBI warned of an APT attack that exploits a vulnerability in the Fortinet virtual appliance.
According to the FBI, a hacker could use an attack on a Fortinet virtual appliance to gain access to a web server hosting the domain of a U.S. municipality. The FBI also says that the hacker who carried out the APT attack created an account named "elie" to enable malicious activity on the network.
In this APT attack, hackers are using vulnerabilities in Fortinet products that the FBI warned about in April 2021. According to the investigation by the FBI and CISA, the Cybersecurity and Infrastructure Security Agency under the Department of Homeland Security, three vulnerabilities were used in this attack: CVE-2018-13379, CVE-2020-12812, and CVE-2019-5591.
A successful APT attack gives the attacker access to the victim's internal network. This means that data leakage, data encryption, and malicious attacks can be carried out through the web server hosting the local government domain.
In addition, because the hackers are actively attacking a wide range of organizations across multiple sectors, it is clear that their aim is not to attack a specific sector but to exploit the vulnerabilities.
When the vulnerabilities were announced in April 2021, the FBI also warned government agencies using Fortinet products to apply the patch. Despite the warning, this APT attack still took place. The hackers targeting municipal web servers are said to have repeatedly attacked unpatched Fortinet servers for several years, and to have also carried out attacks on election support systems in the past.