KeyPlug-Linked Server Exposes Fortinet Exploits & Webshell Activity Targeting a Major Japanese Company
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY :
A server linked to KeyPlug malware briefly exposed tooling used in active operations. The infrastructure, live for less than a day, revealed Fortinet firewall and VPN exploit scripts, a PHP webshell, and network reconnaissance tools targeting authentication and internal portals of a major Japanese company. The exposed directory provided insight into the attacker's workflow, from infrastructure reconnaissance to post-access session management. Notable files included Fortinet reconnaissance scripts, CDN fingerprinting tools, and encrypted command execution utilities. The server's brief exposure offers a rare glimpse into the operational staging and planning of a likely advanced adversary.
OPENCTI LABELS :
fortinet,keyplug,cve-2024-23108,cve-2024-23109
Open in NetmanageIT OpenCTI Public Instance with below link!
Use public read only username and password on login page.
NOTE : Use Public READ only user credentials on login page banner.
KeyPlug-Linked Server Exposes Fortinet Exploits & Webshell Activity Targeting a Major Japanese Company