Thought Leadership
Mandiant has published new research on the mass exploitation of the zero-day vulnerability CVE-2024-47575 in FortiManager appliances.
So far, the cybersecurity company has identified more than 50 potentially affected victims in various countries and across a range of industries. Google Cloud has also notified potentially affected customers who have detected similar activity in their environments.
While Mandiant does not yet have more information about the threat actors exploiting this vulnerability, the earliest attack occurred on June 27, 2024 by a new threat cluster that the Google subsidiary now identifies as UNC5820.
According to the researchers, the vulnerability allows threat actors to exfiltrate data that could be used by threat actors to further compromise FortiManager, move laterally to managed Fortinet devices and ultimately attack the corporate environment.”
Mandiant advises companies whose FortiManager may have been exposed to the Internet to conduct a forensic investigation immediately.
(vp/Mandiant)
