FBI says Attackers Breached US Local Govt After Hacking a Fortinet Appliance

This article has been indexed from E Hacking News – Latest Hacker News and IT Security News

 

After issuing a cybersecurity advisory warning that APT hacker groups are deliberately targeting vulnerabilities in Fortinet FortiOS, the FBI has now warned that state-sponsored attackers compromised the webpage of a US local government after hacking a Fortinet appliance.
Fortinet is a multinational security company based in Sunnyvale, California. It creates and sells cybersecurity solutions, which include hardware like firewalls as well as software and services like anti-virus protection, intrusion prevention systems, and endpoint security components.
“As of at least May 2021, an APT actor group almost certainly exploited a Fortigate appliance to access a web-server hosting the domain for a U.S. municipal government,” the FBI’s Cyber Division said in a TLP:WHITE flash alert published on 27th May. 
The advanced persistent threat (APT) actors moved laterally through the network after gaining access to the local government organization’s server, creating new domain controller, server, and workstation user accounts that looked exactly like existing ones. According to the FBI, attackers linked to this ongoing malicious APT activity have created ‘WADGUtilityAccount’ and ‘elie’ accounts on compromised systems.
According to the FBI, this APT group will most likely use this access to capture and exfiltrate data from the victims’ networks. “The APT actors are actively targeting a broad range of victims across multiple sectors, indicating the activity is focused on exploiting vulnerabilities rather than targeted at specific sectors,” the FBI added.
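The account-creation behaviour described above can be hunted for in account-creation logs. The following is an added example, not code from the FBI alert or the original article: it reviews Windows Security Event ID 4720 ("A user account was created") records for the two reported account names and for new names that closely resemble an existing account (the reported 'WADGUtilityAccount' differs from the built-in Windows account WDAGUtilityAccount by two transposed letters). The JSON-lines export format, the baseline list, the similarity threshold and the sample events are assumptions constructed for illustration.

```python
import json
from difflib import SequenceMatcher

# Account names the article attributes to this activity (from the FBI alert).
REPORTED_NAMES = {"wadgutilityaccount", "elie"}

# Constructed baseline of legitimate accounts; replace with your own inventory.
BASELINE = ["Administrator", "WDAGUtilityAccount", "svc_backup"]

# Constructed sample events, one JSON object per line (assumed export format).
# TargetUserName is the field holding the newly created account's name.
SAMPLE_EVENTS = """\
{"EventID": 4720, "Computer": "DC01", "TargetUserName": "WADGUtilityAccount"}
{"EventID": 4720, "Computer": "WEB01", "TargetUserName": "elie"}
{"EventID": 4720, "Computer": "FS02", "TargetUserName": "svc_backup1"}
{"EventID": 4720, "Computer": "WS17", "TargetUserName": "jsmith"}
{"EventID": 4624, "Computer": "WS17", "TargetUserName": "elie"}
"""


def lookalike_of(name, baseline, threshold=0.85):
    """Return the baseline account that `name` resembles without matching, else None."""
    best, best_score = None, threshold
    for known in baseline:
        if name.lower() == known.lower():
            continue  # identical name, not a lookalike
        score = SequenceMatcher(None, name.lower(), known.lower()).ratio()
        if score >= best_score:
            best, best_score = known, score
    return best


def review_events(text, baseline=BASELINE):
    """Return (computer, account, reason) for each suspicious account creation."""
    findings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        if event.get("EventID") != 4720:
            continue  # only account-creation events are relevant here
        name = event["TargetUserName"]
        if name.lower() in REPORTED_NAMES:
            findings.append((event["Computer"], name, "name reported by the FBI"))
        twin = lookalike_of(name, baseline)
        if twin:
            findings.append((event["Computer"], name, f"resembles existing account {twin}"))
    return findings


if __name__ == "__main__":
    for finding in review_events(SAMPLE_EVENTS):
        print(*finding, sep=" | ")
```

A name match alone is weak evidence, since 'elie' can be a legitimate user; treat each finding as a lead to confirm against who created the account and when.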