Console Chaos: A Campaign Targeting Publicly Exposed Management Interfaces on Fortinet FortiGate Firewalls
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY :
A recent campaign targeting Fortinet FortiGate firewall devices with exposed management interfaces has been observed. The threat actors gained unauthorized access to the firewalls' administrative controls, created new accounts, established SSL VPN connections, and made various configuration changes. While the initial access vector remains unconfirmed, a zero-day vulnerability is highly suspected. The campaign progressed through four phases: vulnerability scanning, reconnaissance, SSL VPN configuration, and lateral movement. Affected firmware versions ranged from 7.0.14 to 7.0.16. The attackers used jsconsole sessions with spoofed IP addresses and made suspicious configuration changes. Organizations are urged to disable firewall management access on public interfaces immediately to mitigate the risk.
OPENCTI LABELS :
ssl vpn,fortinet,jsconsole,lateral movement,zero-day,vulnerability scanning,fortigate,firewall
Open in NetmanageIT OpenCTI Public Instance with below link!
Use public read only username and password on login page.
NOTE : Use Public READ only user credentials on login page banner.
Console Chaos: A Campaign Targeting Publicly Exposed Management Interfaces on Fortinet FortiGate Firewalls