FortiGate Devices Exploited to Breach Networks and Steal Service Account Credentials
Briefly

"FortiGate network appliances have considerable access to the environments they were installed to protect. In many configurations, this includes service accounts which are connected to the authentication infrastructure, such as Active Directory (AD) and Lightweight Directory Access Protocol (LDAP). This setup can enable the appliance to map roles to specific users by fetching attributes about the connection that's being analyzed and correlating with the Directory information."
"The activity involves the exploitation of recently disclosed security vulnerabilities or weak credentials to extract configuration files containing service account credentials and network topology information. The campaign has singled out environments tied to healthcare, government, and managed service providers. Attackers who break into FortiGate devices through known vulnerabilities or misconfigurations can exploit such access for unauthorized network traversal and persistence."
Cybersecurity researchers have identified a campaign where threat actors abuse FortiGate Next-Generation Firewall appliances as entry points to compromise victim networks. Attackers exploit recently disclosed security vulnerabilities or leverage weak credentials to extract configuration files containing sensitive service account credentials and network topology details. The campaign primarily targets healthcare, government, and managed service provider environments. FortiGate appliances typically have extensive access to protected environments, including service accounts connected to authentication infrastructure like Active Directory and LDAP. Attackers who successfully breach these devices through known vulnerabilities or misconfigurations can leverage this access to map user roles and establish persistent network access, enabling lateral movement and further compromise.
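The summary's central point is that a FortiGate configuration backup carries the directory service accounts the appliance binds with, so an attacker who extracts the file inherits them. As an added example (not code from The Hacker News article, from this summary, or from Fortinet), the Python script below parses a FortiOS-style configuration text, inventories every `config user ldap` bind account, flags ones that are over-privileged or bind without TLS, and produces the rotation list a responder needs after a device compromise. The `config user ldap` / `edit` / `set username` / `set password ENC` syntax follows FortiOS config exports as I know them; the sample config, addresses and account names are constructed, the default of `secure disable` is an assumption, and the privileged-DN heuristic is my own.

```python
"""Inventory directory service accounts embedded in a FortiOS-style config backup.

Defender's use: after a FortiGate is suspected compromised, list every LDAP/AD
bind account the device held (so it can be rotated) and flag risky settings
(privileged bind account, LDAP without TLS) that make such exposure worse.
The config below is a constructed sample, not a real device export.
"""
import re
from dataclasses import dataclass, field

# Constructed sample. Passwords in real exports appear as "set password ENC <blob>";
# the blobs here are placeholders and are never printed by this script.
SAMPLE_CONFIG = """\
config user ldap
    edit "corp-ad"
        set server "10.0.0.10"
        set cnid "sAMAccountName"
        set dn "DC=corp,DC=example"
        set type regular
        set username "CN=svc-fgt-ldap,OU=Service Accounts,DC=corp,DC=example"
        set password ENC PLACEHOLDER-ENCRYPTED-BLOB-1
        set secure ldaps
        set port 636
    next
    edit "legacy-ad"
        set server "10.0.0.11"
        set cnid "sAMAccountName"
        set dn "DC=corp,DC=example"
        set type regular
        set username "CN=Administrator,CN=Users,DC=corp,DC=example"
        set password ENC PLACEHOLDER-ENCRYPTED-BLOB-2
    next
    edit "anon-ldap"
        set server "10.0.0.12"
        set dn "DC=corp,DC=example"
        set type anonymous
    next
end
"""

# Heuristic (my own): substrings in a bind DN that suggest a privileged account.
PRIVILEGED_HINTS = ("cn=administrator", "domain admins", "enterprise admins", "schema admins")

_EDIT_RE = re.compile(r'^edit\s+"?([^"]+)"?$')
_SET_RE = re.compile(r'^set\s+(\S+)\s+(.*)$')


@dataclass
class LdapServer:
    name: str
    server: str = ""
    bind_type: str = "anonymous"   # FortiOS: anonymous | regular | simple
    bind_user: str = ""
    has_stored_password: bool = False
    secure: str = "disable"        # assumed default when "set secure" is absent
    findings: list = field(default_factory=list)


def parse_ldap_servers(config_text: str) -> list:
    """Return one LdapServer per entry in the 'config user ldap' section."""
    servers, current, in_section = [], None, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config user ldap":
            in_section = True
            continue
        if not in_section:
            continue
        if line == "end":
            break
        if (m := _EDIT_RE.match(line)):
            current = LdapServer(name=m.group(1))
            continue
        if line == "next":
            if current is not None:
                servers.append(current)
            current = None
            continue
        if current is not None and (m := _SET_RE.match(line)):
            key, value = m.group(1), m.group(2).strip().strip('"')
            if key == "server":
                current.server = value
            elif key == "type":
                current.bind_type = value
            elif key == "username":
                current.bind_user = value
            elif key == "password":
                current.has_stored_password = True   # record presence only, never the value
            elif key == "secure":
                current.secure = value
    return servers


def assess(server: LdapServer) -> LdapServer:
    """Attach risk findings to a parsed LDAP server definition."""
    if server.bind_type == "regular":
        server.findings.append("bind account stored on device: rotate after any compromise")
        if any(h in server.bind_user.lower() for h in PRIVILEGED_HINTS):
            server.findings.append("bind account looks privileged: replace with a read-only account")
    if server.secure == "disable":
        server.findings.append("LDAP without TLS: bind credentials cross the network in clear")
    return server


def audit(config_text: str) -> dict:
    """Map each LDAP server name to its list of findings."""
    return {s.name: assess(s).findings for s in parse_ldap_servers(config_text)}


def accounts_to_rotate(config_text: str) -> list:
    """Bind DNs that must be rotated if this config file was exfiltrated."""
    return [s.bind_user for s in parse_ldap_servers(config_text)
            if s.bind_type == "regular" and s.has_stored_password]


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_CONFIG).items():
        print(f"{name}: {findings or ['no findings']}")
    print("rotate:", accounts_to_rotate(SAMPLE_CONFIG))
```

Run it against a real backup by replacing `SAMPLE_CONFIG` with the file contents; the script deliberately records only whether a password is present, so the output can be shared with the identity team without leaking the encrypted blob.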
Read at The Hacker News