The FBI revealed that foreign hackers compromised the network of a local US municipal government by exploiting flaws in an unpatched Fortinet VPN. An APT group almost certainly exploited a Fortigate appliance to access a webserver hosting the domain for a U.S. municipal government. The feds uncovered the attack in May 2021, government experts reported that the threat actors likely created an account with the username elie to gain persistence on the network. The tools associated with this attack are: Mimikatz (credential theft) MinerGate (crypto mining) WinPEAS (privilege escalation)”]
Source: https://securityaffairs.co/wordpress/118338/apt/fortinet-vpn-us-municipal-government.html

