FortiGuard Outbreak Alerts

Tactical steps to mitigate the latest cybersecurity attacks

News on Outbreak Alert

As the threat landscape continues to evolve, we are seeing an increase in the sophistication of cyber-attacks as well as their ability to affect thousands of organizations in a single incident.

These are the situations where our customers and partners look to FortiGuard Labs to help them understand what happened, the technical details and how they can protect themselves from the attack and others like it. We do that through the FortiGuard Outbreak Alert. These are the Outbreak Alerts we are tracking:

July 1, 2021
Kaseya VSA

Attack Type: Vulnerability Exploitation and REvil Ransomware-as-a-Service
Threat Actor: REvil plus unidentified associate

A sophisticated supply-chain ransomware attack that leveraged a vulnerability in the Kaseya VSA software to infect multiple managed service providers (MSPs) and their customers. We provide Outbreak Alert analyses for both the initial exploitation and the subsequent ransomware attack.

June 30, 2021
Microsoft Print Spooler

Attack Type: Vulnerability Exploitation
Threat Actor: Unidentified

A potentially new zero-day Microsoft vulnerability, dubbed "PrintNightmare," makes it possible for any authenticated attacker to remotely execute code with SYSTEM privileges on any machine that has the Windows Print Spooler service enabled (which is the default setting).

May 6, 2021
Colonial Pipeline

Attack Type: Ransomware
Threat Actor: DarkSide

Operational Technology (OT) attack. These actions temporarily halted all pipeline operations and affected some of their IT systems, causing gas shortages and taking weeks to recover.

Mar 10, 2021
F5 Big IP

Attack Type: Vulnerability Exploitation
Threat Actor: Multiple

F5 reported several new vulnerabilities under attack that could lead to complete system compromise. F5 urged immediate upgrades.

Jan 6, 2021
Microsoft Exchange

Attack Type: Vulnerability Exploitation and DearCry Ransomware
Threat Actor: HAFNIUM

The original zero-day vulnerabilities were exploited and used by the HAFNIUM group for the global ransomware campaign.

Dec 2020
SolarWinds

Attack Type: Hack (Sunburst, Teardrop, Raindrop malware)
Threat Actor: Russian Foreign Intelligence Service (SVR)

A complex and targeted supply-chain cyber attack, with the primary goal of inserting a malicious backdoor into trusted (signed) software, which could later be exploited in end-customer updates of the SolarWinds Orion platform.

FortiGuard Outbreak Alerts

FortiGuard Outbreak Alerts will be the mechanism for communicating important information to customers and partners. When a cybersecurity incident, attack or event occurs that has large ramifications for the cybersecurity industry and affects numerous organizations, this page will be updated with a link to the individual FortiGuard Outbreak Alert. That Alert will include:

  • An explanation of the attack, its timeline and what specific technology was affected
  • Where applicable patches and/or mitigation recommendations can be found
  • What Fortinet products, if deployed, would break the attack sequence
  • What specific versions those Fortinet products need to be at to provide the protection
  • Threat Hunting tools from Fortinet to help you determine if you were affected
  • Related research from FortiGuard Labs