FBI revealed a new APT group recently targeted a US local government’s web server. The group was able to move laterally across the network after getting access to the local government organization’s server.
The group used a Fortigate appliance to gain access to a web server and imitated existing domain controller, server, and workstation user identities.
The FBI has been issuing warnings about state-sponsored APT groups targeting vulnerabilities in Fortinet and other business products. In addition to immediately addressing exploitable vulnerabilities, the FBI recommended that organizations check domain controllers, workstations and servers for new user accounts on a regular basis.
To Read More: cyware