New Threat Targeting Fortinet FortiGuard Devices

Authored by Khalim Cisse, Cybersecurity Consultant, and Luke Minniear, Cybersecurity Consultant

What is Going On

A state-sponsored actor based in China, “Volt Typhoon,” has recently created waves of concern within the cybersecurity industry. The threat actor, known for carrying out cyber espionage, has managed to establish persistent access within telecom networks and other critical infrastructure targets in the US. Volt Typhoon has been reported to gain initial access through vulnerabilities present within Fortinet FortiGuard software. By using living-off-the-land techniques and hijacking native tools, the threat actor effectively avoids detection. Consequently, the threat actor is capable of gathering intelligence from numerous organizations.

Who Should Be Concerned

Currently, the scope of this attack is limited to organizations utilizing internet-facing Fortinet FortiGuard devices. The affected entities span diverse sectors such as communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education. However, it is crucial to recognize that other sectors could also be impacted. Consequently, a considerable number of organizations are vulnerable to targeting by Volt Typhoon, with the potential for data exfiltration.

If You Are Concerned, Next Steps

To mitigate the risks associated with the Volt Typhoon cyber threat, organizations are strongly recommended to consult two authoritative sources. The National Security Agency (NSA) has published a comprehensive Cybersecurity Advisory titled “People’s Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection” (available at: Cybersecurity Advisory). The advisory provides valuable insights and recommended strategies to counter the threat.

Additionally, Microsoft Threat Intelligence has released an informative article that outlines mitigation and protection guidance for organizations targeted by Volt Typhoon’s “Living off the Land” techniques. The article can be accessed at: Microsoft Threat Intelligence Article.

By referring to these resources, organizations can access expert advice and best practices to strengthen their defenses against Volt Typhoon’s attacks. It is crucial to stay informed and implement the recommended mitigation measures to safeguard critical infrastructure and sensitive information.

How can CLA help?

CLA’s cybersecurity team has years of experience performing risk assessments and application reviews, responding to cyber incidents, and helping mitigate them. Please contact us for help in assessing and mitigating your risk of a cyber attack.

  • 813-384-2735

Kadian currently works with the Information Security Services Group as well as the higher education group, providing compliance services, outsourcing and co-sourcing engagements, and information security assessments.
