Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://infosec.exchange/users/screaminggoat/statuses/113832799667813144">screaminggoat (screaminggoat@infosec.exchange)'s status on Wednesday, 15-Jan-2025 23:20:52 JST</a><a href="https://infosec.exchange/@screaminggoat" title="screaminggoat@infosec.exchange"><img src="https://gnusocial.jp/avatar/278335-48-20250102170004.webp" width="48" height="48" alt="screaminggoat" style="position: absolute; left: 0; top: 0;">screaminggoat</a><div><a href="https://infosec.exchange/@screaminggoat/113827171069136576" rel="in-reply-to">in reply to</a><ul><li></ul></div></section><article><p>Note that Fortinet's security advisory has Indicators of Compromise, of which 3 out of 5 IP addresses overlap with Arctic Wolf reporting from 10 January 2025: <a href="https://arcticwolf.com/resources/blog-uk/campaign-targeting-publicly-exposed-management-interfaces-on-fortinet-fortigate-firewalls/" rel="nofollow">Console Chaos: A Campaign Targeting Publicly Exposed Management Interfaces on Fortinet FortiGate Firewalls</a>.</p><p>While its use in a ransomware campaign <a href="https://techcrunch.com/2025/01/14/hackers-are-exploiting-a-new-fortinet-firewall-bug-to-breach-company-networks/" rel="nofollow">hasn't been confirmed</a> by Arctic Wolf, <a href="https://cyberplace.social/@GossiTheDog" rel="nofollow">@GossiTheDog</a>  notes <a href="https://cyberplace.social/@GossiTheDog/113828060350738157" rel="nofollow">exploitation by a ransomware operator</a>:</p><p>they have a copy of an exploit and are using it for initial access and handing off for lateral movement.</p><p><a href="https://infosec.exchange/tags/CVE_2024_55591" rel="tag">#CVE_2024_55591</a> <a href="https://infosec.exchange/tags/threatintel" rel="tag">#threatintel</a> <a href="https://infosec.exchange/tags/ioc" rel="tag">#ioc</a> <a href="https://infosec.exchange/tags/fortinet" rel="tag">#fortinet</a> <a href="https://infosec.exchange/tags/FortiProxy" rel="tag">#FortiProxy</a> <a href="https://infosec.exchange/tags/fortios" rel="tag">#fortios</a> <a href="https://infosec.exchange/tags/zeroday" rel="tag">#zeroday</a> <a href="https://infosec.exchange/tags/vulnerability" rel="tag">#vulnerability</a> <a href="https://infosec.exchange/tags/infosec" rel="tag">#infosec</a> <a href="https://infosec.exchange/tags/cybersecurity" rel="tag">#cybersecurity</a> <a href="https://infosec.exchange/tags/cybersecurity" rel="tag">#cybersecurity</a> <a href="https://infosec.exchange/tags/eitw" rel="tag">#eitw</a> <a href="https://infosec.exchange/tags/activeexploitation" rel="tag">#activeexploitation</a> <a href="https://infosec.exchange/tags/cisakev" rel="tag">#cisakev</a> <a href="https://infosec.exchange/tags/kev" rel="tag">#kev</a> <a href="https://infosec.exchange/tags/cti" rel="tag">#cti</a> <a href="https://infosec.exchange/tags/cyberthreatintelligence" rel="tag">#cyberthreatintelligence</a> <a href="https://infosec.exchange/tags/infosec" rel="tag">#infosec</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/4372942#notice-8564912">In conversation</a><time datetime="2025-01-15T23:20:52+09:00" title="Wednesday, 15-Jan-2025 23:20:52 JST">about 3 months ago</time> <span>from <span><a href="https://infosec.exchange/@screaminggoat/113832799667813144" rel="external" title="Sent from infosec.exchange via ActivityPub">infosec.exchange</a></span></span><a href="https://infosec.exchange/@screaminggoat/113832799667813144">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
screaminggoat (screaminggoat@infosec.exchange)'s status on Wednesday, 15-Jan-2025 23:20:52 JSTscreaminggoat
in reply to
- Kevin Beaumont
Note that Fortinet's security advisory has Indicators of Compromise, of which 3 out of 5 IP addresses overlap with Arctic Wolf reporting from 10 January 2025: Console Chaos: A Campaign Targeting Publicly Exposed Management Interfaces on Fortinet FortiGate Firewalls.
While its use in a ransomware campaign hasn't been confirmed by Arctic Wolf, @GossiTheDog notes exploitation by a ransomware operator:
they have a copy of an exploit and are using it for initial access and handing off for lateral movement.
#CVE_2024_55591 #threatintel #ioc #fortinet #FortiProxy #fortios #zeroday #vulnerability #infosec #cybersecurity #cybersecurity #eitw #activeexploitation #cisakev #kev #cti #cyberthreatintelligence #infosec
In conversationabout 3 months ago from infosec.exchangepermalink