Hackers Exploit Fortinet EMS Vulnerability for Remote Access
/ 1 min read
🕵️♂️ Hackers exploit critical Fortinet vulnerability to deploy remote access tools. A recently patched SQL injection vulnerability, CVE-2023-48788, with a CVSS score of 9.3, is being actively exploited by cybercriminals to install remote desktop software like AnyDesk and ScreenConnect on compromised systems. Russian cybersecurity firm Kaspersky reported that the attacks targeted a company’s Windows server exposed to the internet, allowing unauthorized code execution. The threat actors utilized this vulnerability to gain initial access, subsequently uploading various payloads for credential harvesting and lateral movement within the network. The campaign has affected companies across multiple countries, including Brazil, France, and Turkey, highlighting the evolving tactics of cyber attackers. Kaspersky noted ongoing attempts to weaponize the vulnerability, indicating a persistent threat landscape.
