"FBI Issues Fortinet Flash Warning"
The United States Federal Bureau of Investigation issued a flash warning Thursday over the exploitation of Fortinet vulnerabilities by advanced persistent threat (APT) groups. According to the FBI, an APT actor group has been exploiting a FortiGate appliance since at least May 2021 to access a web server hosting the domain for a US municipal government. The APT actors may have established new user accounts on domain controllers, servers, workstations, and the active directories to help them carry out malicious activity on the network. The FBI stated that some of these accounts appear to have been created to look similar to other existing accounts on the network, so specific account names may vary per organization. However, the Feds warned organizations to be on the lookout for accounts created with the usernames "elie" or "WADGUtilityAccount." Once inside a network, the APT actors can conduct data exfiltration, data encryption, or other malicious activity. The alert comes just one month after the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) warned that APT actors had gained access to devices on ports 4443, 8443, and 10443 for Fortinet FortiOS CVE-2018-13379, and enumerated devices for FortiOS CVE-2020-12812 and FortiOS CVE-2019-5591.
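
One way to act on the account guidance above, as an added example that is not part of the FBI alert or this article: it checks newly created accounts against the two usernames named in the alert and against near-matches of accounts that already exist. The account lists are constructed sample data, and the edit-distance threshold of 2 and the minimum name length of 6 are assumptions.

```python
# Added example. Account lists below are constructed sample data.
WATCHLIST = {"elie", "wadgutilityaccount"}  # usernames named in the alert, lowercased

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]

def review_new_accounts(existing, created, max_distance=2):
    """Return (account, reason) findings for newly created accounts."""
    findings = []
    known = {name.lower() for name in existing}
    for name in created:
        low = name.lower()
        if low in WATCHLIST:
            findings.append((name, "username named in the FBI alert"))
        for other in sorted(known - {low}):
            # Skip short names, where a distance of 2 matches almost anything.
            if len(other) >= 6 and edit_distance(low, other) <= max_distance:
                findings.append((name, f"resembles existing account {other!r}"))
    return findings

# Constructed baseline; WDAGUtilityAccount is a built-in Windows account.
EXISTING = ["Administrator", "WDAGUtilityAccount", "svc_backup", "jsmith", "helpdesk"]
# Constructed list of accounts created since the last baseline.
CREATED = ["WADGUtilityAccount", "elie", "svc_backupp", "mgarcia"]

if __name__ == "__main__":
    for account, reason in review_new_accounts(EXISTING, CREATED):
        print(f"{account}: {reason}")
```

Because the alert says account names may vary per organization, the similarity check matters more than the two literal names; tune the threshold against your own naming scheme.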