A joint advisory released by government agencies (the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), and the United Kingdom’s National Cyber Security Centre (NCSC)) in the U.S., U.K., and Australia warns that Iran-linked threat actors are exploiting Fortinet and Microsoft Exchange vulnerabilities in attacks aimed at critical infrastructure in the US and Australian organizations.
Threat actors are exploiting Microsoft Exchange ProxyShell vulnerability since October 2021 and Fortinet vulnerabilities since at least March 2021. The state-sponsored hackers targeted organizations in the transportation, healthcare, and public health sectors in the U.S., as well as Australian organizations.
