Threat actors are actively exploiting a critical, patched vulnerability in FortiClient Endpoint Management Server (EMS) to deploy credential-stealing malware across enterprise networks. The attackers leveraged trusted endpoint management infrastructure to distribute malicious payloads disguised as legitimate Fortinet endpoint components, allowing them to compromise managed endpoints at scale.
Threat actors are continuing to exploit a critical, now-patched security flaw impacting FortiClient Endpoint Management Server (EMS) deployments to deliver credential-stealing malware. "The campaign abused trusted endpoint management infrastructure to deliver malware across managed endpoints," Arctic Wolf said. "Threat actors disguised the credential stealer payload as a Fortinet endpoint
Originally published at thehackernews.com
60-minute technical evaluation, no obligation. We'll map the ideas in this article to your environment.
