Editor's Note: This story was updated on April 2 at 5:35 PM ET to include Fortinet's statement.
The FBI and Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) today issued a joint advisory warning admins of active exploits targeting three vulnerabilities in Fortinet FortiOS.
In March 2021, the FBI and CISA observed advanced persistent threat (APT) attackers scanning devices on ports 4443, 8443, and 10443 for CVE-2018-13379 in FortiOS. They also noticed attackers scanning enumerated devices for CVE-2020-12812 and CVE-2019-5591. Officials believe attackers are attempting to access multiple government, commercial, and technology services networks.
"The APT actors may be using any or all of these CVEs to gain access to networks across multiple critical infrastructure sectors to gain access to key networks as pre-positioning for follow-on data exfiltration or data encryption attacks," the full advisory states.
APT groups have historically exploited critical vulnerabilities to launch distributed denial-of-service attacks, ransomware campaigns, SQL injection attacks, spear-phishing campaigns, website defacements, and disinformation attacks, officials note.
The FortiOS advisory arrives two days after CISA issued further guidance on its emergency directive regarding the Microsoft Exchange Server vulnerabilities patched last month. Its latest update instructs federal departments and agencies to run Microsoft's new Test-ProxyLogon.script and Safety Scanner tool to determine whether they have been compromised.
Fortinet followed up on its release of a patch for CVE-2018-13379 with blog posts in August 2019 and July 2020 to provide more details and warn customers of active attacks by APT 29. "If customers have not done so, we urge them to immediately implement the upgrade and mitigations," Fortinet says in a statement on today's advisory.
Read the CISA advisory for more information on the FortiOS exploits.