FBI says hackers hit US local government through Fortinet VPN

FBI and CISA urge all Fortinet users to immediately patch their devices


The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have shared details of threat actors breaching the web server of a US municipal government after exploiting vulnerabilities in Fortinet VPN appliances.

The two agencies had previously warned that Advanced Persistent Threat (APT) groups were likely exploiting several critical vulnerabilities in Fortinet appliances. They specifically identified three vulnerabilities tracked as CVE-2018-13379, CVE-2020-12812, and CVE-2019-5591, urging users to patch them without delay.

“As of at least May 2021, an APT actor group almost certainly exploited a Fortigate appliance to access a web server hosting the domain for a U.S. municipal government,” observed the FBI’s Cyber Division in a flash alert as it continued to warn users of unpatched Fortinet appliances.


The advisory further shared that the threat actors are “actively targeting” victims across multiple sectors, which suggests that they are indiscriminately looking for vulnerable hosts rather than targeting someone in particular.

Dropping backdoors

Based on its analysis of the threat actors’ movements on the municipal government’s compromised system, the FBI shared that once inside, the actors moved through the network and created new domain controller, server, and workstation user accounts.
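The post-compromise account creation described above leaves a trace in Windows Security logs. The following is an added example, not part of the FBI alert or of this article: it assumes a simplified one-line-per-event log format, Windows event ID 4720 ("A user account was created"), and constructed sample lines, and flags the two patterns a defender would look for, the same account name planted on several hosts and a burst of creations on one host.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample events (not from the advisory): "<ISO time> <host> <event id> <account>";
# 4720 = "A user account was created", 4624 = logon (noise, ignored).
SAMPLE_EVENTS = """\
2021-05-03T02:14:07 dc01 4720 svc_backup2
2021-05-03T02:15:41 dc01 4720 admin_helpdesk
2021-05-03T02:19:55 fs01 4720 svc_backup2
2021-05-03T02:21:10 ws0417 4720 svc_backup2
2021-05-03T09:03:12 dc01 4720 jsmith
2021-05-04T10:30:00 ws0022 4624 jsmith
"""
LINE_RE = re.compile(r"^(\S+) (\S+) (\d+) (\S+)$")
def parse_events(text):
    """Parse the simplified format into (timestamp, host, event_id, account) tuples."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # skip blank or malformed lines instead of failing
            ts, host, eid, acct = m.groups()
            events.append((datetime.fromisoformat(ts), host, int(eid), acct))
    return events
def creations(events):
    """Account-creation events only (4720), sorted by time."""
    return sorted((ts, h, a) for ts, h, eid, a in events if eid == 4720)
def same_account_on_many_hosts(events, window=timedelta(hours=1), min_hosts=2):
    """Flag an account created on >= min_hosts distinct hosts within `window`:
    the fan-out pattern of planting accounts on DCs, servers and workstations."""
    by_acct = defaultdict(list)
    for ts, host, acct in creations(events):
        by_acct[acct].append((ts, host))
    flagged = {}
    for acct, seen in by_acct.items():
        for i, (t0, _) in enumerate(seen):
            hosts = {h for t, h in seen[i:] if t - t0 <= window}
            if len(hosts) >= min_hosts:
                flagged[acct] = sorted(hosts)
                break
    return flagged
def creation_bursts(events, window=timedelta(hours=1), threshold=2):
    """Flag hosts where >= threshold accounts were created within `window`."""
    by_host = defaultdict(list)
    for ts, host, _ in creations(events):
        by_host[host].append(ts)
    peaks = {h: max(sum(1 for t in times[i:] if t - t0 <= window) for i, t0 in enumerate(times))
             for h, times in by_host.items()}
    return {h: n for h, n in peaks.items() if n >= threshold}
```

On the constructed sample, `svc_backup2` is flagged for appearing on three hosts within seven minutes and `dc01` for two creations within an hour; the real hunt would feed 4720 events exported from the domain controllers' Security logs, with the window and thresholds tuned to the environment's normal provisioning rate.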

The FBI suggests that the threat actors’ foothold could be leveraged for further malicious activity, including the collection and exfiltration of data from the victims' network.

“APT actors have historically exploited critical vulnerabilities to conduct distributed denial-of-service (DDoS) attacks, ransomware attacks, structured query language (SQL) injection attacks, spear phishing campaigns, website defacements, and disinformation campaigns,” warned the agencies in their earlier advisory, as they suggested some mitigations to help Fortinet users avoid being attacked.


Via BleepingComputer

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.