Summary: Researchers at Arctic Wolf suspect an as-yet-unidentified zero-day vulnerability is behind a recent campaign against Fortinet FortiGate firewalls in which attackers gained unauthorized access to internet-exposed management interfaces. The campaign appears opportunistic rather than aimed at particular sectors.
Threat Actor: Unknown | unknown
Victim: Various organizations | various organizations
Key Points:
- Attackers gained access through the management interfaces of FortiGate devices running firmware versions 7.0.14 through 7.0.16.
- The campaign unfolded in four phases: vulnerability scanning, reconnaissance, SSL VPN configuration, and lateral movement.
- Device logs showed extensive administrative logins through the jsconsole interface from unusual source IP addresses, which is the most useful indicator defenders have until the vulnerability is identified.
- Organizations are advised to restrict access to management interfaces to trusted networks rather than exposing them to the internet, and to keep firmware up to date.
Source: https://www.darkreading.com/threat-intelligence/zero-day-security-bug-fortinet-firewall-attacks
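The jsconsole indicator above is easy to turn into a triage check. The following is an added example written for this summary, not code from Arctic Wolf or Fortinet: it parses FortiGate-style key=value event log lines (field names such as ui, srcip, user, action and status follow FortiGate's event-log convention as assumed here) and flags successful admin logins over jsconsole whose source address falls outside an assumed allowlist of admin networks. The log lines and the 10.0.0.0/8 allowlist are constructed for the example.

```python
import ipaddress
import re
from collections import Counter

# Assumption: management access is only expected from this internal range.
ADMIN_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed sample lines in FortiGate key=value event-log style (not real logs).
SAMPLE_LOGS = [
    'date=2024-12-20 time=03:14:07 logid="0100032001" type="event" subtype="system" '
    'level="information" vd="root" logdesc="Admin login successful" user="admin" '
    'ui="jsconsole" method="jsconsole" srcip=8.8.8.8 dstip=192.0.2.1 action="login" '
    'status="success" reason="none" profile="super_admin" '
    'msg="Administrator admin logged in successfully from jsconsole"',
    'date=2024-12-20 time=03:14:09 logid="0100032001" type="event" subtype="system" '
    'level="information" vd="root" logdesc="Admin login successful" user="admin" '
    'ui="jsconsole" method="jsconsole" srcip=8.8.8.8 dstip=192.0.2.1 action="login" '
    'status="success" reason="none" profile="super_admin" '
    'msg="Administrator admin logged in successfully from jsconsole"',
    'date=2024-12-20 time=03:15:41 logid="0100032001" type="event" subtype="system" '
    'level="information" vd="root" logdesc="Admin login successful" user="admin" '
    'ui="jsconsole" method="jsconsole" srcip=127.0.0.1 dstip=192.0.2.1 action="login" '
    'status="success" reason="none" profile="super_admin" '
    'msg="Administrator admin logged in successfully from jsconsole"',
    # Legitimate console session from the admin network: should not be flagged.
    'date=2024-12-20 time=08:02:13 logid="0100032001" type="event" subtype="system" '
    'level="information" vd="root" logdesc="Admin login successful" user="admin" '
    'ui="jsconsole" method="jsconsole" srcip=10.1.2.3 dstip=192.0.2.1 action="login" '
    'status="success" reason="none" profile="super_admin" '
    'msg="Administrator admin logged in successfully from jsconsole"',
    # Ordinary GUI login: wrong ui, should not be flagged.
    'date=2024-12-20 time=08:05:00 logid="0100032001" type="event" subtype="system" '
    'level="information" vd="root" logdesc="Admin login successful" user="admin" '
    'ui="https(10.1.2.3)" method="https" srcip=10.1.2.3 dstip=192.0.2.1 action="login" '
    'status="success" reason="none" profile="super_admin" '
    'msg="Administrator admin logged in successfully from https(10.1.2.3)"',
]

# key=value pairs; values are either a double-quoted string or a bare token.
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_fortigate_event(line):
    """Return a dict of fields from one key=value log line, quotes stripped."""
    return {key: value.strip('"') for key, value in KV_RE.findall(line)}


def is_suspicious_admin_login(event, admin_nets=ADMIN_NETS):
    """True for a successful admin login via jsconsole from outside the allowlist."""
    if event.get("type") != "event" or event.get("subtype") != "system":
        return False
    if event.get("action") != "login" or event.get("status") != "success":
        return False
    if event.get("ui", "").lower() != "jsconsole":
        return False
    try:
        src = ipaddress.ip_address(event.get("srcip", ""))
    except ValueError:
        # A console login with a missing or unparsable source is itself worth review.
        return True
    return not any(src in net for net in admin_nets)


def triage(lines, admin_nets=ADMIN_NETS):
    """Count suspicious jsconsole logins per (srcip, user) across a batch of lines."""
    hits = Counter()
    for line in lines:
        event = parse_fortigate_event(line)
        if is_suspicious_admin_login(event, admin_nets):
            hits[(event.get("srcip"), event.get("user"))] += 1
    return hits


if __name__ == "__main__":
    for (srcip, user), count in triage(SAMPLE_LOGS).most_common():
        print(f"{count} jsconsole admin login(s) for user {user!r} from {srcip}")
```

Loopback and well-known public resolver addresses appearing as the source of a console login are the kind of "unusual IP" worth escalating even when the count is low; the allowlist approach catches them because they are simply not where administrators log in from. Feed the real log export through `triage()` and compare the flagged sources against the firewall's known admin workstations before treating a hit as confirmed compromise.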