The FBI and the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) are warning about advanced persistent threat (APT) actors exploiting a Fortinet vulnerability to gain access to government and other networks, according to an April 2 joint advisory.
The joint advisory warns that APT actors are trying to use Common Vulnerabilities and Exposures (CVEs), as well as common techniques like spear phishing, to exploit vulnerabilities in FortiOS, the operating system behind Fortinet’s cybersecurity platform.
“The FBI and CISA have information indicating APT actors are using multiple CVEs to exploit Fortinet FortiOS vulnerabilities,” the joint advisory states. “The FBI and CISA believe the APT actors are likely exploiting these Fortinet FortiOS vulnerabilities … to gain access to multiple government, commercial, and technology services networks.”
The advisory warns that threat actors could be trying to gain access across “multiple critical infrastructure sectors” as a precursor to “follow-on data exfiltration” or data encryption attacks. It urges Fortinet users to patch three specific CVEs, and urges any organization not using FortiOS to add the application to its list of software that is denied installation.
Other mitigations the advisory recommends include requiring admin privileges for software installation, regularly backing up data and having a recovery plan, network segmentation, and auditing and configuring user accounts with “least privilege in mind.”