The US Federal Bureau of Investigation issued a flash warning late last week about the exploitation of Fortinet vulnerabilities by advanced persistent threat (APT) groups. The FBI stated that an APT group has been actively targeting a FortiGate appliance since May 2021, seeking to access a web server hosting a domain belonging to a US municipal government. The APT actors have allegedly established new user accounts on domain controllers, servers, workstations, and Active Directory, all actions that help the cybercriminals conduct malicious activity on the network.
The FBI stated that organizations should be on the lookout for any accounts created with the usernames “elie” and “WADGUtilityAccount.” After obtaining internal access to a network, the APT actors can perform data encryption or exfiltration. According to the FBI, the activity appears to be focused on particular vulnerabilities rather than sectors, as the APT actors have been observed targeting a broad range of victims in different industries.
Read More: FBI Issues Fortinet Flash Warning