Hackers Exploit Fortinet Flaw, Deploy ScreenConnect, Metasploit in New Campaign
Apr 17, 2024
Vulnerability / Web Application Firewall
Cybersecurity researchers have discovered a new campaign that's exploiting a recently disclosed security flaw in Fortinet FortiClient EMS devices to deliver ScreenConnect and Metasploit Powerfun payloads.

The activity entails the exploitation of CVE-2023-48788 (CVSS score: 9.3), a critical SQL injection flaw that could permit an unauthenticated attacker to execute unauthorized code or commands via specifically crafted requests.

Cybersecurity firm Forescout is tracking the campaign under the codename Connect:fun owing to the use of ScreenConnect and Powerfun for post-exploitation.

The intrusion, which targeted an unnamed media company that had its vulnerable FortiClient EMS device exposed to the internet, took place shortly after the release of a proof-of-concept (PoC) exploit for the flaw on March 21, 2024.

Over the next couple of days, the unknown adversary was observed leveraging the flaw to unsuccessfully download ScreenConnect an...