Threat Watch

Iranian State-Sponsored APT Exploiting Fortinet FortiOS and Exchange Proxyshell Vulnerabilities

The US Cybersecurity and Infrastructure Security Agency (CISA), the US Federal Bureau of Investigation (FBI), the Australian Cyber Security Centre (ACSC), and the UK National Cyber Security Centre (NCSC) released a joint advisory this morning that an Iranian government sponsored APT group is systematically exploiting known vulnerabilities in Fortinet FortiOS and Microsoft Exchange ProxyShell. Targeted organizations include a wide range of US critical infrastructure sectors, including transportation and healthcare. The following vulnerabilities are being exploited:

Subscribe to Threat Watch

Daily summaries of threats, delivered straight to your inbox!


Click Here to Subscribe to Threat Watch

ANALYST NOTES

Recommended mitigations include immediately patching affected software, enforce data backup and restoration protocols, and secure accounts with multi-factor authentication (MFA) to slow down privilege escalation and lateral movement. While these vulnerabilities may be patched, APT groups have the resources to research 0-day exploits and other tactics in order to breach an otherwise secure network perimeter. A defense-in-depth strategy that includes Managed Detection and Response (MDR) and post-exploitation threat hunting is necessary in order to mitigate risks in the modern threat environment.

https://thehackernews.com/2021/11/us-uk-and-australia-warn-of-iranian.html

https://us-cert.cisa.gov/ncas/alerts/aa21-321a

Facebook Twitter Instagram Youtube Linkedin
Solutions
Become a Reseller

Industries

Resources

About

Contact Us
Contact Support