APT Hackers Breached US Local Govt By Exploiting Fortinet Bugs: FBI
The FBI release said an “APT actor group almost certainly exploited a Fortigate appliance to access a webserver hosting the domain for a U.S. municipal government.”
After gaining access to the local government organization’s server, the advanced persistent threat (APT) actors moved laterally through the network and created new domain controller, server, and workstation user accounts mimicking already existing ones.
The FBI has also observed attackers associated with this ongoing APT malicious activity creating ‘WADGUtilityAccount’ and ‘elie’ accounts on compromised systems.
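As an added illustration (not part of the FBI release or the original article), the sketch below checks Windows account-creation events (Security Event ID 4720) for the two account names listed above and for new names that are near-copies of existing ones, as ‘WADGUtilityAccount’ is of the built-in WDAGUtilityAccount. The event records, host names, existing-account list and distance threshold are constructed assumptions.

```python
FBI_NAMED = {"wadgutilityaccount", "elie"}  # account names from the FBI release

def osa_distance(a, b):
    """Edit distance: insert, delete, substitute, or swap adjacent characters."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def flag_created_accounts(events, existing, max_dist=2, min_len=6):
    """Return (account, host, reasons) for each suspicious creation event."""
    known = {n.lower() for n in existing}
    findings = []
    for ev in events:
        if ev.get("EventID") != 4720:  # 4720 = a user account was created
            continue
        name = ev["TargetUserName"].lower()
        reasons = ["named in FBI release"] if name in FBI_NAMED else []
        # Short names are skipped: a small edit distance means little for them.
        near = sorted(k for k in known if k != name and len(k) >= min_len
                      and osa_distance(name, k) <= max_dist)
        if near:
            reasons.append("resembles " + ", ".join(near))
        if reasons:
            findings.append((ev["TargetUserName"], ev["Computer"], reasons))
        known.add(name)  # later near-copies of this account are compared too
    return findings

# Constructed sample data (hosts and accounts are hypothetical).
EXISTING = ["Administrator", "Guest", "WDAGUtilityAccount", "svc_backup", "jdoe"]
SAMPLE_EVENTS = [
    {"EventID": 4720, "Computer": "DC01", "TargetUserName": "WADGUtilityAccount"},
    {"EventID": 4720, "Computer": "WS14", "TargetUserName": "elie"},
    {"EventID": 4720, "Computer": "SRV03", "TargetUserName": "svc_backup1"},
    {"EventID": 4624, "Computer": "WS14", "TargetUserName": "jdoe"},
    {"EventID": 4720, "Computer": "WS20", "TargetUserName": "mgarcia"},
]

if __name__ == "__main__":
    for account, host, reasons in flag_created_accounts(SAMPLE_EVENTS, EXISTING):
        print(f"{host}: {account}: {'; '.join(reasons)}")
```

The transposition-aware distance matters here: swapping two adjacent letters counts as one edit, so a name like the one the FBI reported scores as a single change from the legitimate account.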
According to the FBI, this APT group will likely use this access to collect and exfiltrate data from the victims’ network.
“The APT actors are actively targeting a broad range of victims across multiple sectors, indicating the activity is focused on exploiting vulnerabilities rather than targeted at specific sectors,” the FBI added.
The FBI did not say which local government was attacked, but the latest release follows multiple warnings about cyberattackers exploiting vulnerabilities related to Fortinet.