FBI and CISA Advisory: APT Actors Exploiting FortiOS Vulnerabilities to Gain Initial Access for Future Attacks

Today the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI published a Cybersecurity Advisory stating that advanced persistent threat (APT) actors are engaged in activities to exploit Fortinet FortiOS vulnerabilities to gain initial access to government, commercial, and technology services networks for future attacks. The advisory notes that APT actors have historically exploited critical vulnerabilities to conduct attacks that include distributed denial-of-service (DDoS), ransomware, structured query language (SQL) injection, spearphishing, website defacement, and disinformation.

Access the Cybersecurity Advisory below.

Mitigation Recommendations
The FortiOS vulnerabilities include CVE-2018-13379, CVE-2020-12812, and CVE-2019-5591. For organizations that use FortiOS, the advisory recommends they immediately patch these CVEs. For organizations that do not use FortiOS, it recommends they add key artifact files used by FortiOS to their execution deny list and that they prevent any attempts to install or run this program and its associated files. The advisory’s mitigations section lists other recommendations highlighting security best practices in light of this activity.

Next Steps
CISA and the FBI encourage partners contribute any information they may have related to this threat. To report intrusions or request incident response or technical assistance, they can contact CISA at 888-282-0870 or ce*****@**sa.gov or the FBI through their local field office.

WaterISAC also encourages members to share information and report incidents by emailing an*****@*******ac.org, calling 866-H20-ISAC, or using the online incident reporting form. WaterISAC will continue to share information with its members and partners as more is learned.