CISA and the Federal Bureau of Investigation (FBI) have released a Joint Cybersecurity Advisory(https://www.ic3.gov/Media/News/2021/210402.pdf) (CSA) to warn users and administrators of the likelihood that advanced persistent threat (APT) actors are actively exploiting known Fortinet FortiOS vulnerabilities CVE-2018-13379 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13379), CVE-2020-12812 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12812), and CVE-2019-5591 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5591). APT actors may use these vulnerabilities or other common exploitation techniques to gain initial access to multiple government, commercial, and technology services. Gaining initial access pre-positions the APT actors to conduct future attacks.
CISA encourages users and administrators to review Joint CSA AA21-092A: APT Actors Exploit Vulnerabilities to Gain Initial Access for Future Attacks(https://www.ic3.gov/Media/News/2021/210402.pdf) —as well as CISA’s current activity alert(https://us-cert.cisa.gov/ncas/current-activity/2021/04/02/fbi-cisa-joint-advisory-exploitation-fortinet-fortios) —and implement the recommended mitigations.
As always, please contact CISA (via email at central@cisa.dhs.gov or by phone at 1-888-282-0870) to report an intrusion or to request either technical assistance or additional resources for incident response.
Thank you for your continued collaboration.
Respectfully,
Cybersecurity and Infrastructure Security Agency
Defend Today Secure Tomorrow
