FBI says an APT breached a US municipal government via an unpatched Fortinet VPN

submitted by
Style Pass
2021-05-27 21:30:16

The Federal Bureau of Investigation said today that foreign hackers had breached the network of a local US municipal government after exploiting vulnerabilities in an unpatched Fortinet networking appliance.

The hack comes after the FBI had previously warned the US private sector and government agencies to patch Fortinet devices a month earlier, in April 2021.

At the time, the FBI said that foreign nation-state hacking groups—also known as Advanced Persistent Threats (APTs)—were scanning the internet for Fortinet devices vulnerable to three bugs tracked as CVE-2018-13379, CVE-2020-12812, and CVE-2019-5591.

As of at least May 2021, an APT actor group almost certainly exploited a Fortigate appliance to access a webserver hosting the domain for a U.S. municipal government.

The FBI said that in this particular intrusion, the attacker created a backdoor account named “elie,” which they used to pivot from the compromised Fortinet VPN appliance to the victim’s internal network.
