Threat Signal

The Threat Signal created by the FortiGuard Labs is intended to provide you with insight on emerging issues that are trending within the cyber threat landscape. The Threat Signal will provide concise technical details about the issue, mitigation recommendations and a perspective from the FortiGuard Labs team in an FAQ style format.

Whether it’s significant vulnerability disclosures including high profile zero days, coordinated announcements with Cyber Threat Alliance partners, malware of significance, or any threat making the news cycle, FortiGuard Threat Signals are there for you.

APT41 Compromised Six U.S. State Government Networks
FortiGuard Labs is aware of a report that threat actor APT41 compromised at least six networks belonging to U.S. state gov...
Mar 10, 2022 Threat Level: MED ID: 14
FBI Releases Updated Indicators of Compromise for RagnarLocker Ransomware
FortiGuard Labs is aware that the U.S. Federal Bureau of Investigation (FBI) released the updated indicators of compromise...
Mar 09, 2022 Threat Level: MED ID: 14
MicroBackdoor Used in Attacks Against Ukraine Organizations
FortiGuard Labs is aware of a report from CERT-UA that Ukrainian organizations are under cyberattacks that aim to install ...
Mar 09, 2022 Threat Level: MED ID: 13
RuRAT Malware Used in Spear-phishing Attacks Against US media Organizations
FortiGuard Labs is aware of a report that RuRAT malware was distributed in the recent spear-phishing attack against media ...
Mar 06, 2022 Threat Level: MED ID: 12
Remote Utilities Software Distributed in Ukraine via Fake Evacuation Plan Email
FortiGuard Labs is aware that a copy of Remote Utilities was submitted from Ukraine to VirusTotal on February 28th, 2022. ...
Mar 01, 2022 Threat Level: MED ID: 11
Kernel Level Rat "Daxin" Discovered
FortiGuard Labs is aware of a newly discovered backdoor dubbed Daxin. Discovered by Symantec, this backdoor allows an att...
Feb 28, 2022 Threat Level: MED ID: 11
Previously Unseen Backdoor Bvp47 Potentially Victimized Global Targets
FortiGuard Labs is aware of a report by Pangu Lab that a new Linux backdoor malware that reportedly belongs to the Equatio...
Feb 24, 2022 Threat Level: MED ID: 10
New Wiper Malware Discovered Targeting Ukrainian Interests
Update March 1: Added new detections for publicly available IsaacWiper and HermeticWiper samples from ESET blog .UPDATE F...
Feb 23, 2022 Threat Level: MED ID: 9
Active Exploitation Against Adobe Commerce and Magento Through CVE-2022-24086/CVE-2022-24087
UPDATE February 17: Added reference to CVE-2022-24087, which Adobe disclosed and issues an out-of-band patch for on Februa...
Feb 15, 2022 Threat Level: MED ID: 8
ACTINIUM - Targeting Interests in the Ukraine
FortiGuard Labs is aware of various campaigns targeting Ukraine by threat actors known as ACTINIUM/Gamaredon/DEV-0157. ACT...
Feb 04, 2022 Threat Level: MED ID: 7
Sugar Ransomware in the Wild
FortiGuard Labs is aware that a new ransomware called "Sugar" is in the wild. Reportedly, Sugar ransomware targets consume...
Feb 03, 2022 Threat Level: MED ID: 6
Proof-of-Concept Code Now Available for an Exploited Windows Local Privilege Escalation Vulnerability
FortiGuard Labs is aware that a Proof-of-Concept (POC) code for a newly patched Windows vulnerability (CVE-2022-21882) tha...
Jan 30, 2022 Threat Level: MED ID: 5
BotenaGo Malware Targets Multiple IoT Devices
FortiGuard Labs is aware of a report that source code of BotenaGo malware was recently made available on GitHub. BotenaGo ...
Jan 27, 2022 Threat Level: MED ID: 4
Wiper malware hit Ukrainian organizations
UPDATE January 19: Updated Coverage section about the third malware that FortiGuard Labs has confirmed as a wiper malware....
Jan 17, 2022 Threat Level: MED ID: 3
Wormable Windows Vulnerability (CVE-2022-21907) Patched by Microsoft
UPDATE January 13 2022: Protection section has been updated with a IPS signature information.FortiGuard Labs is aware that...
Jan 12, 2022 Threat Level: MED ID: 2