The Federal Bureau of Investigation (FBI) issued a flash alert on Thursday after a local government office was attacked through Fortinet vulnerabilities earlier this month. 

The release said an “APT actor group almost certainly exploited a Fortigate appliance to access a webserver hosting the domain for a U.S. municipal government.” 

After gaining access to the local government organization’s server, the advanced persistent threat (APT) actors moved laterally through the network and created new domain controller, server, and workstation user accounts mimicking already existing ones.

Buy Me A Coffee

The FBI has also observed attackers associated with this ongoing APT malicious activity creating ‘WADGUtilityAccount’ and ‘elie’ accounts on compromised systems.

According to the FBI, this APT group will likely use this access to collect and exfiltrate data from the victims’ network.

“The APT actors are actively targeting a broad range of victims across multiple sectors, indicating the activity is focused on exploiting vulnerabilities rather than targeted at specific sectors,” the FBI added.

The FBI did not say which local government was attacked, but the latest release follows multiple warnings about cyberattackers exploiting vulnerabilities related to Fortinet. 

READ
Internet Archive Hacked: Data of 31 Million Users Exposed in Major Breach