May 28, 2021 12:00:00

FBI announces that 'a hacker using a vulnerability in Fortinet products has compromised a local government server'

Fortinet 's virtual appliance , which develops and provides integrated threat management products to efficiently and comprehensively protect computer networks from threats such as viruses and hacks, has been hacked and a web server operated by a local government in the United States has been compromised. The Federal Investigative Service (FBI) has announced.

Alert Number MI-000148-MW
(PDF file) https://www.ic3.gov/Media/News/2021/210527.pdf

FBI says an APT breached a US municipal government via an unpatched Fortinet VPN | The Record by Recorded Future
https://therecord.media/fbi-says-an-apt-breached-a-us-municipal-government-via-an-unpatched-fortinet-vpn/

FBI: APT hackers breached US local govt by exploiting Fortinet bugs
https://www.bleepingcomputer.com/news/security/fbi-apt-hackers-breached-us-local-govt-by-exploiting-fortinet-bugs/

On May 27, 2021, local time, the FBI warned of the existence of an APT attack that exploited a vulnerability in Fortinet's virtual appliance.

According to the FBI, hackers are accessing a web server hosting a US municipal domain through an attack on Fortinet's virtual appliance. The FBI notes that hackers who have launched APT attacks have enabled malicious attacks on the network by creating an account named 'elie'.

The hacker who launched this APT attack is launching an attack by exploiting the 'vulnerabilities in products provided by Fortinet' that the FBI warned in April 2021. According to a survey by the FBI and the Cyber Security Infrastructure Security Agency (CISA) under the Ministry of Homeland Security, the following three vulnerabilities were used in this attack.

・

CVE-2018-13379
・CVE-2020-12812
・CVE-2019-5591

If the APT attack is successful, the hacker will be able to access the internal network operated by the victim. As a result, 'it is possible to conduct data breaches, data encryption, and other malicious attacks via a web server that hosts a municipal domain,' the FBI explains.

In addition, since hackers are aggressively attacking a wide range of organizations across multiple fields, 'it is not intended to launch attacks on specific fields, but to exploit vulnerabilities. We are aiming for it, 'the FBI wrote.

When the FBI announced the existence of the vulnerability in April 2021, it

warned government agencies using Fortinet's products to apply the patch. However, the warning is vain and it means that this APT attack has been launched.

Hackers targeting local government web servers are believed to have repeatedly attacked unpatched Fortinet servers for many years, and in the past attacked election support systems. It seems that they are also attacking.