Advanced hackers use Fortinet flaws in likely attempt to breach government networks, feds warn

The attackers could be using the bugs to access “key networks” as part of data-exfiltration or encryption attempts, officials said.

Advanced hackers are exploiting old flaws in popular enterprise software made by Fortinet in a possible attempt to access networks in multiple critical infrastructure sectors, the FBI and Department of Homeland Security warned on Friday.

“Advanced persistent threat” actors — a term that usually refers to state-linked groups — are likely using the software flaws to breach “multiple government, commercial, and technology services networks,” states the advisory from the FBI and DHS’s Cybersecurity and Infrastructure Security Agency.

The agencies said that the attackers, whom they did not identify, could be using the bugs in Fortinet software to access “key networks as pre-positioning for follow-on data exfiltration or data encryption attacks.”

The three vulnerabilities are in FortiOS, security software that government agencies and big corporations use to manage their networks. Hackers could exploit the bugs to intercept sensitive data on networks. Fortinet disclosed the vulnerabilities in 2018, 2019 and 2020 and issued fixes for them. That the bugs remain useful to hackers indicates that some organizations still have not updated their software.


The FBI and CISA advised organizations that haven’t applied the software patches to do so immediately.

“The security of our customers is our first priority,” California-based Fortinet, which is a popular U.S. government contractor, said in a statement. The company said it promptly issued fixes for the vulnerabilities when they were discovered, and urged customers that hadn’t applied them to do so.

The advisory is part of a recurring effort by U.S. government officials to warn companies of ongoing hacking operations based on popular software. The FBI and CISA in September publicized a suspected Chinese intelligence operation that allegedly exploited software made by F5 Networks and Citrix, among other vendors.


Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.
