The Cybersecurity and Infrastructure Security Agency (CISA) encourages administrators to review Fortinet’s advisory and implement the following:
- Upgrade to FortiOS versions 7.6.2, 7.4.7, 7.2.11, 7.0.17, 6.4.16 to remove the malicious file and prevent re-compromise.
- Review the configuration of all in-scope devices.
- Reset potentially exposed credentials.
- As a workaround mitigation until the patch is applied, consider disabling SSL-VPN functionality, as exploitation of the file requires SSL-VPN to be enabled.
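To support the "review all in-scope devices" step, the following added example (not part of the advisory or of any Fortinet tooling) triages a FortiOS inventory against the fixed releases listed above, using numeric per-branch version comparison and flagging whether the SSL-VPN workaround is in place. The inventory rows, hostnames and the SSL-VPN flag are constructed assumptions about what an inventory export might contain.

```python
# Added example (not from the advisory): triage a FortiOS inventory against the
# fixed releases the advisory lists. Inventory rows are constructed; hostnames
# and the SSL-VPN flag are assumed inventory fields.

# Lowest fixed release per FortiOS branch, taken from the advisory.
FIXED_VERSIONS = {
    (7, 6): (7, 6, 2),
    (7, 4): (7, 4, 7),
    (7, 2): (7, 2, 11),
    (7, 0): (7, 0, 17),
    (6, 4): (6, 4, 16),
}

def parse_version(text):
    """Parse 'v7.2.9' or '7.2.9' into the tuple (7, 2, 9)."""
    parts = text.strip().lstrip("vV").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised FortiOS version: {text!r}")
    return tuple(int(p) for p in parts)

def assess_device(version_text, sslvpn_enabled):
    """Return 'patched', 'vulnerable', 'needs-upgrade' or 'unknown-branch'."""
    version = parse_version(version_text)
    fixed = FIXED_VERSIONS.get(version[:2])
    if fixed is None:          # branch not listed in the advisory: review by hand
        return "unknown-branch"
    if version >= fixed:       # numeric patch-level comparison within the branch
        return "patched"
    # Below the fix: the workaround (SSL-VPN disabled) lowers exposure but does
    # not replace the upgrade, so the device is still flagged.
    return "vulnerable" if sslvpn_enabled else "needs-upgrade"

def triage(inventory):
    """Map hostname -> status for (hostname, version, sslvpn_enabled) rows."""
    return {host: assess_device(ver, ssl) for host, ver, ssl in inventory}

# Constructed sample inventory: (hostname, FortiOS version, SSL-VPN enabled?)
SAMPLE_INVENTORY = [
    ("fw-branch-01", "v7.2.9", True),
    ("fw-branch-02", "v7.4.7", True),
    ("fw-dc-01", "7.0.16", False),
    ("fw-lab-01", "v6.2.15", True),
]

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```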
See the following resource for more information: Analysis of Threat Actor Activity | Fortinet Blog
For additional mitigation information, see the Fortinet Community Technical Tip on the recommended steps to execute in case of a compromised host.
Reporting
The NJCCIC encourages recipients who discover signs of malicious cyber activity to contact the NJCCIC via the cyber incident report form at www.cyber.nj.gov/report.
Please do not hesitate to contact the NJCCIC at njccic@cyber.nj.gov with any questions. Also, for more background on our recent cybersecurity efforts, please visit cyber.nj.gov.
