BRANDEFENSE BRANDEFENSE
  • Platform
    How It Works?
    Platform Overview
    Cyber Intelligence
    Brand & Reputation Protection
    Exposure Management
    By Use Case
    Preventing Data Leakage
    Phishing Monitoring
    Account Takeover Detection
    Stolen Credit Cards
    Dark Web Monitoring
    Remediation and Takedown
    Q1 | 2023
    Explore the Ransomware Attacks
  • Solutions
    Threat Intelligence Service
    Brand Protection
    Vulnerability Management
    Attack Surface Management
    Fraud Protection
    VIP Security
    Vulnerability Intelligence
  • Resources
    Blog
    Infographics
    Datasheets
    Security News
    Threat Intelligence Researches
    Digital Risk Protection – FAQ
    Cybersecurity Glossary
    Events
  • Partners
    About the Partner Program
    Become a Partner
    Partner Portal
  • Company
    About Us
    Join Us!
    We in the Press
    Privacy Policy
    Terms of Use
    Contact Us
Request a Demo
Login

BRANDEFENSE

  • Platform
    How It Works?
    Platform Overview
    Cyber Intelligence
    Brand & Reputation Protection
    Exposure Management
    By Use Case
    Preventing Data Leakage
    Phishing Monitoring
    Account Takeover Detection
    Stolen Credit Cards
    Dark Web Monitoring
    Remediation and Takedown
    Q1 | 2023
    Explore the Ransomware Attacks
  • Solutions
    Threat Intelligence Service
    Brand Protection
    Vulnerability Management
    Attack Surface Management
    Fraud Protection
    VIP Security
    Vulnerability Intelligence
  • Resources
    Blog
    Infographics
    Datasheets
    Security News
    Threat Intelligence Researches
    Digital Risk Protection – FAQ
    Cybersecurity Glossary
    Events
  • Partners
    About the Partner Program
    Become a Partner
    Partner Portal
  • Company
    About Us
    Join Us!
    We in the Press
    Privacy Policy
    Terms of Use
    Contact Us
Hackers Are Targeting Organizations with FortiOS Vulnerability Exploitation

Hackers Are Targeting Organizations with FortiOS Vulnerability Exploitation

BRANDEFENSE
Security News
14/03/2023

Last updated on March 16th, 2023 at 04:35 pm

Table of Contents

  • FortiOS Vulnerability Allows Hackers to Take Down Firewall Devices
    • Understanding the seriousness of this FortiOS vulnerability is critical!
    • The vulnerability can lead to arbitrary code execution in vulnerable systems
  • Threat Actors Manipulating Firmware to Gain Control of FortiGate Devices
      • Don't Let Vulnerabilities Take Down Your Systems - Try Our Vulnerability Intelligence Solution Today!

FortiOS Vulnerability Allows Hackers to Take Down Firewall Devices

 

FortiOS Vulnerability Exploited by Hackers in Targeted Attacks Against Governments and Large Organizations

Hackers exploit a severe vulnerability, CVE-2022-41328, in FortiOS – an operating system widely used by governments and large organizations. This flaw enables them to execute arbitrary code and has already caused data loss and system corruption in targeted organizations. The vulnerability affects various versions of FortiOS, but the fix is available in the latest updates. Fortinet, the vendor, is closely monitoring the situation.

Understanding the seriousness of this FortiOS vulnerability is critical!

Hackers have already used it to breach government and large organizations’ systems. A recent report from Fortinet revealed that threat actors had hacked and taken down multiple FortiGate firewall devices belonging to one of its clients using CVE-2022-41328 exploits, even though the flaw’s advisory did not explicitly state that the vulnerability had been exploited before patches were available.

According to Bleepingcomputer, threat actors are using a critical FortiOS vulnerability to launch attacks against government agencies and large-scale organizations. These attacks are causing data loss, operating systems, and file corruption in the targeted organizations’ inventory.

“Don’t fall prey to cybercrime! The FortiOS vulnerability is no joke – hackers have already exploited it to breach top government and corporate systems. Stay informed and stay secure!”

It is crucial for organizations to update their FortiOS installations to the latest version as soon as possible to avoid falling victim to this vulnerability. Additionally, organizations should review their security policies and ensure that proper security measures, such as firewalls, intrusion detection and prevention systems, and network segmentation, are in place to mitigate the risk of cyber attacks.

Regular security assessments and vulnerability scans can help organizations identify and address potential security issues before malicious actors exploit them. In addition, organizations can consider engaging with third-party security experts to conduct penetration testing and other security assessments to identify any vulnerabilities in their systems. By taking these proactive steps, organizations can better protect themselves against the increasing threat of cyber-attacks and safeguard their sensitive data and systems from unauthorized access and data breaches.

fortios result 34 brandefense
Figure: The logs, below table, show the "msg" filed that is containing “upload-icon” and “run script” commands. (Source: Fortinet)

The vulnerability can lead to arbitrary code execution in vulnerable systems

 CVE-2022-41328, is a path traversal vulnerability that vulnerability arises from an authentication error while processing a specific CLI command and affects the following FortiOS versions;

  • 6.0, 
  • 6.2, 
  • 6.4.0 – 6.4.11, 
  • 7.0.0 – 7.0.9, 
  • 7.2.0 – 7.2.3

The updates that address the vulnerability are available in versions;

  • 6.4.12
  • 7.0.10
  • 7.2.4

 

Threat Actors Manipulating Firmware to Gain Control of FortiGate Devices

 

The attacks targeting the organization’s inventory were initially detected when a customer’s multiple FortiGate devices suddenly stopped working and encountered a boot error. 

They found that the devices had stopped with the following error message: “System enters error mode due to FIPS error: Firmware Integrity self-test failed.” FIPS-enabled devices verify the integrity of system components. If a breach of integrity is detected, the device shuts down and rejects the boot to protect network integrity.

Don't Let Vulnerabilities Take Down Your Systems - Try Our Vulnerability Intelligence Solution Today!

Click here

FORTINET investigations revealed that threat actors changed the /sbin/init component in the device’s firmware image and added a new file named /bin/fgfm as the first stage of the attack chain. This change allows /bin/fgfm to run before normal startup actions, providing an attacker with continued access and control. Further stages of the attack involved executing malicious code on the targeted systems.

Fortinet is continuing to monitor the threat actors associated with this attack. In this context, to avoid falling victim to similar attacks targeting organizations’ inventories, ensuring that the internal inventory is always in the latest updated version, where vulnerabilities are fixed, is recommended. In addition, regularly monitoring network traffic and logs can also help to detect malicious activity quickly.

To prevent further damage, users of FortiOS must update their systems immediately. Regular network traffic and logs monitoring can help identify any suspicious activities early. Taking these precautions will help protect against future attacks and safeguard the integrity of your systems.

It is essential to be aware of this critical FortiOS vulnerability as it has been used in attacks targeting government institutions and large-scale organizations, resulting in data loss and corruption. Organizations using FortiOS should update their systems to the latest available versions immediately to mitigate the risk of being affected by this vulnerability. Regular network traffic and logs monitoring can also help quickly detect malicious activity. These steps can help prevent attacks on internal inventory and protect network integrity.

Share on Facebook Share on X
Search
Categories
APT GroupsBlogDark WebDRPSFraudRansomwareSector AnalysisSecurity NewsVIP SecurityWe in the PressWeekly Newsletter
Recent Posts
  • What is Supply Chain Security?
    What is Supply Chain Security?
  • Godfather Android Banking Trojan Technical Analysis
    Godfather Android Banking Trojan Technical Analysis
  • Celebrating a Milestone: Brandefense Earns a Spot on Fast Company Turkey’s Top 100 Start-Up List
    Celebrating a Milestone: Brandefense Earns a Spot on Fast Company Turkey’s Top 100 Start-Up List
  • Perspective of the Month | Anonymous Sudan | June – July 2023
    Perspective of the Month | Anonymous Sudan | June – July 2023
Ransomware Trends Report | Q2 2023
Ransomware Attack Trends in the Second Quarter of 2023
Report

Ransomware Attack Trends in the Second Quarter of 2023

Download Report
Follow us!

Continue Reading

Previous post

Women in cybersecurity bring new perspectives to the industry!

2 8 mart 2023 calisma yuzeyi 1 brandefense
is accessing the dark web illegal?
Next post

How to Access Dark Web?

We know what hackers know about you

Our cyber threat intelligence and security research team is ready to help you.
image link

Brandefense is solving SOC’s complex challenges. We are here to help Brandefense customers to protect their brands and reputations against cyber threats.

United States:

300 Delaware Ave. Ste 210 #328 Wilmington, DE 19801 / USA

Republic of Turkey:

Üniversiteler, 1605 Cd. Cyberpark Vakıf Binası Kat: -1 No: B25, 06800 Çankaya/Ankara

© 2022 Brandefense. All rights reserved.

Solutions
Threat IntelligenceBrand ProtectionVulnerability ManagementFraud ProtectionVIP SecurityAttack Surface ManagementVulnerability Intelligence
Use Case
Data LeakagePhishing MonitoringAccount Takeover DetectionStolen Credit CardsDark Web MonitoringRemediation / Takedown
Partners
About the Partner ProgramBecome a Partner
Company
AboutCareerPrivacy PolicyTerms Of UseContact
Close
Search

Hit enter to search or ESC to close

cookie By using this website, you agree to our cookie policy. Close