Russia's Cyber Unit Targets Global Infrastructure
FortiGuard Labs continues to observe attack attempts exploiting the vulnerabilities highlighted in the recent CISA advisory about Russian military cyber actors. These actors are targeting U.S. and global critical infrastructure to conduct espionage, steal data, and compromise or destroy sensitive information.
Common Vulnerabilities and Exposures
CVE-2020-1472
CVE-2021-26084
CVE-2021-3156
CVE-2021-4034
CVE-2022-27666
CVE-2021-33044
CVE-2021-33045
CVE-2022-26134
CVE-2022-26138
CVE-2022-3236
Background
Since 2020, Unit 29155 cyber actors have been known to target critical infrastructure and key resource sectors, including the government services, financial services, transportation systems, energy, and healthcare sectors of NATO members, the EU, and Central American and Asian countries.
CISA's analysis concluded that Unit 29155 cyber actors had exploited multiple CVEs for initial access. These CVEs primarily involve remote code execution, authentication bypass, privilege escalation, and buffer overflow issues affecting products and software such as Dahua IP Cameras, Atlassian Confluence Server and Data Center, and Sophos Firewall.
According to the advisory, to date, the FBI has observed more than 14,000 instances of domain scanning across at least 26 NATO members and several additional European Union (EU) countries.
Latest Development
Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.
Fortinet customers remain protected by the FortiGuard IPS (Intrusion Prevention System) Security Service, which can detect and block exploit attempts targeting the vulnerabilities listed in the CISA advisory and has protections against known malware used in the campaigns. Please see the Solution Tab for the full list of available protections.
- September 05, 2024: CISA released a joint advisory as a collective assessment of Unit 29155 cyber operations since 2020.
  https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-249a
- August 21, 2024: CISA added two new vulnerabilities, CVE-2021-33044 and CVE-2021-33045 (Dahua IP Security Cameras), to its Known Exploited Vulnerabilities Catalog.
  https://www.cisa.gov/known-exploited-vulnerabilities-catalog
- June 14, 2023: FortiGuard Labs released a Threat Signal on the related campaigns.
  https://www.fortiguard.com/threat-signal-report/5197/
FortiGuard Cybersecurity Framework
Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.
- AV
- Vulnerability
- AV (Pre-filter)
- IPS
- Web App Security
- IoT/IIoT Virtual Patch
- IOC
- Outbreak Detection
- Threat Hunting
- Automated Response
- Assisted Response Services
- NOC/SOC Training
- End-User Training
- Vulnerability Management
- Attack Surface Hardening
- Attack Surface Monitoring (Inside & Outside)
Threat Intelligence
Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.
References
Sources of information in support and relation to this Outbreak and vendor.