Two communes of Andorra and a private tax advisory company are among those affected by the cyber espionage case known as FortiBleed, as Álvaro Martínez, president of the Electronic Border Protection association, explained yesterday to Diari. The campaign has compromised more than 73,900 Fortinet firewalls in 194 countries, including systems located in Andorra.
Martínez emphasized that it is important to differentiate between what is known for certain and what the attackers could do. As he detailed, the cybercriminals have obtained system access credentials, known as VPNs, which would allow them to connect by pretending to be legitimate workers. This situation could give them access to internal files and sensitive information of the affected organizations. “They got access to the VPN and credentials of one of the communes, and for the other affected commune only accesses to the VPN,” Martínez pointed out.
Indistinguishable
“We know they have the credentials, but we don’t know if they entered and used them,” said the expert. The head of Electronic Border Protection explained that this type of intrusion is particularly difficult to detect because the attackers are “indistinguishable from a worker” and can blend in with the organization’s technological environment.
Andorra’s National Cybersecurity Agency (ANC-AD) had already warned of this industrial-scale cyber espionage campaign, which has compromised over 73,900 Fortinet devices around the world. The agency reported that attackers have executed more than 1.16 billion credential-based access attempts against FortiGate devices and SSL VPN gateways, leveraging databases of credentials previously stolen through specialized malware.
If a compromise is confirmed, Martínez noted that the next steps are to investigate the intrusion to determine the scope of the attack, revoke the compromised credentials, and generate new ones with more security safeguards. He also considered it necessary to have cybersecurity specialists carry out an audit to determine whether a data breach has occurred and what information may have been exposed.
















