Local Government breached by an APT

The US FBI announced that a new APT group attacked the webserver of a municipal government.  After gaining access to the webserver they then pivoted to other parts of the Information Technology network.  It appears that the group used a known issue (see links below) in a Fortigate appliance.  The group appears to have used very sophisticated techniques and are suspected to have been active in other areas.

https://www.bleepingcomputer.com/news/security/fbi-apt-hackers-breached-us-local-govt-by-exploiting-fortinet-bugs/

https://cyware.com/news/another-apt-group-piercing-into-us-local-government-networks-610974d1

Fortinet CVE's and news

https://www.bleepingcomputer.com/news/security/fbi-and-cisa-warn-of-state-hackers-attacking-fortinet-fortios-servers/

https://www.bleepingcomputer.com/news/security/hacker-posts-exploits-for-over-49-000-vulnerable-fortinet-vpns/

https://www.bleepingcomputer.com/news/security/fortinet-fixes-critical-vulnerabilities-in-ssl-vpn-and-web-firewall/

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13379

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12812

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5591

Government resources

https://www.ic3.gov/Media/News/2021/210402.pdf

For more information, or to comment on this topic, visit Yet Another Security Blog.