FBI says hackers hit US local government through Fortinet VPN

The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have shared details about threat actors breaching the webserver of a US municipal government after exploiting vulnerabilities in Fortinet VPN appliances.

The two agencies had previously warned that Advanced Persistent Threat (APT) groups were likely exploiting several critical vulnerabilities in the Fortinet appliances. They specifically identified three vulnerabilities tracked as CVE-2018-13379, CVE-2020-12812, and CVE-2019-5591, urging users to patch them without delay.

"As of at least May 2021, an APT actor group almost certainly exploited a Fortigate appliance to access a webserver hosting the domain for a U.S. municipal government," observed the FBI's Cyber Division in a flash alert as it continued to warn users of unpatched Fortinet appliances.

The advisory further shared that the threat actors are “actively targeting” victims across multiple sectors, which suggests that they are indiscriminately looking for vulnerable hosts rather than targeting someone in particular.

Dropping backdoors

Based on its analysis of the threat actor’s movements on the municipal government’s compromised system, the FBI shared that once the attackers were in, they moved through the network and created new domain controller, server, and workstation user accounts.

The FBI suggests that the threat actors could leverage this access for malicious activities, including the collection and exfiltration of data from victims' networks.

"APT actors have historically exploited critical vulnerabilities to conduct distributed denial-of-service (DDoS) attacks, ransomware attacks, structured query language (SQL) injection attacks, spear phishing campaigns, website defacements, and disinformation campaigns," warned the agencies in their earlier advisory, as they suggested some mitigations to help Fortinet users avoid being attacked.

Via BleepingComputer

Mayank Sharma
