Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer
Summary
Threat actors are actively exploiting a critical, patched vulnerability in FortiClient Endpoint Management Server (EMS) to distribute credential-stealing malware. The campaign leverages trusted endpoint management infrastructure to deliver payloads disguised as legitimate Fortinet software across managed endpoints.
IFF Assessment
This article describes ongoing exploitation of a critical vulnerability, which represents a direct threat to organizations and their data.
Severity
The vulnerability is described as 'critical' and is being used to deploy credential-stealing malware. That combination points to a high-severity issue with a direct impact on confidentiality, and a follow-on impact on integrity and availability once the stolen credentials are reused to move further into the environment.
Defender Context
This highlights the ongoing risk posed by unpatched critical vulnerabilities in widely used endpoint management solutions, which are attractive to attackers precisely because they are trusted to push software to many endpoints. Defenders should prioritize patching FortiClient EMS deployments, and should monitor EMS-initiated software deployments closely: a payload disguised as legitimate Fortinet software will not stand out by file name alone, so detection needs to rest on properties an attacker cannot easily imitate, such as a valid code signature from the expected vendor.
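One concrete check a defender can run on managed Windows endpoints is to look for recently written executables that present themselves as Fortinet software but do not carry a valid Fortinet Authenticode signature. The script below is an added example, not code from the article or from Fortinet. The scan directories, the lookback window, and the signer subject pattern are assumptions: the article names none of them, and the pattern in particular should be replaced with the subject string observed on a known-good FortiClient binary from a trusted host.

```powershell
# Added example (not from the original article): flag executables that claim to be
# Fortinet software but are not signed by Fortinet.
# Assumptions (not stated on the page): the directories scanned, the lookback window,
# and $ExpectedSignerPattern, which should be copied from a known-good FortiClient binary.

param(
    [string[]]$Paths = @(
        "$env:ProgramFiles\Fortinet",
        "${env:ProgramFiles(x86)}\Fortinet",
        "$env:TEMP"
    ),
    [int]$LookbackHours = 72,
    # Assumption: adjust to the Subject seen on a trusted FortiClient binary.
    [string]$ExpectedSignerPattern = 'O=Fortinet'
)

$since = (Get-Date).AddHours(-$LookbackHours)

# Collect recently written binaries from the candidate locations.
$candidates = foreach ($p in $Paths) {
    if (Test-Path $p) {
        Get-ChildItem -Path $p -Recurse -File -Include *.exe, *.dll, *.msi -ErrorAction SilentlyContinue |
            Where-Object { $_.LastWriteTime -ge $since }
    }
}

$findings = foreach ($f in $candidates) {
    $sig    = Get-AuthenticodeSignature -FilePath $f.FullName
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
    $vi     = $f.VersionInfo

    # "Claims to be Fortinet": vendor metadata, file name, or install location.
    $claimsFortinet = ($vi.CompanyName -match 'Fortinet') -or
                      ($f.Name -match '^FortiClient') -or
                      ($f.DirectoryName -match 'Fortinet')

    # "Is Fortinet": a chain-valid signature whose subject matches the expected signer.
    $signedByFortinet = ($sig.Status -eq 'Valid') -and ($signer -match $ExpectedSignerPattern)

    if ($claimsFortinet -and -not $signedByFortinet) {
        [pscustomobject]@{
            Path        = $f.FullName
            Written     = $f.LastWriteTime
            CompanyName = $vi.CompanyName
            SigStatus   = $sig.Status
            Signer      = $signer
            SHA256      = (Get-FileHash -Path $f.FullName -Algorithm SHA256).Hash
        }
    }
}

# Anything listed here deserves triage: it looks like Fortinet software but is not signed as such.
$findings | Sort-Object Written -Descending | Format-Table -AutoSize
```

Two caveats. First, a hit is a triage lead, not a verdict: unsigned internal tooling dropped into a Fortinet directory will also appear. Second, the inverse does not hold: a genuinely signed Fortinet binary can still be misused (for example to sideload a malicious library next to it), so a clean signature should narrow the investigation rather than close it. The SHA256 column is included so that confirmed findings can be matched against other hosts and blocked at the EDR or application-control layer.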