FortiRecon
FortiRecon is a digital risk protection (DRP) service that allows customers to gain visibility of their digital attack surface, receive targeted threat intelligence, and reduce organisational risk.
bmali
Staff
Article Id 311056

FortiRecon Digital Risk Protection (DRP), a SaaS-based service, includes External Attack Surface Management, Brand Protection, and Adversary Centric Intelligence.

 

Adversary Centric Intelligence (ACI): leverages FortiGuard Threat Analysis to provide comprehensive coverage of dark web, open-source, and technical threat intelligence, including threat actor insights, to enable organizations to proactively assess risks, respond faster to incidents, better understand their attackers, and guard assets.

 

The Ransomware Intelligence Module under Adversary Centric Intelligence (ACI) provides insights into ransomware groups and their victims, which enables organizations to monitor supply chain risk and better understand the ransomware landscape.

 

Adversary: Akira Ransomware
Description: Akira ransomware first emerged in March 2023, targeting Windows systems in various industries, including education, finance, real estate, manufacturing, and consulting. Like other enterprise-targeting ransomware gangs, the threat actors steal data from breached networks and encrypt files to conduct double extortion on victims, demanding payments that reach several million dollars.
Exploited Vulnerabilities:
  • CVE-2020-3259: Cisco ASA and FTD Information Disclosure Vulnerability
  • CVE-2020-3580: Cisco ASA and FTD Cross-Site Scripting (XSS) Vulnerability
  • CVE-2023-20269: Cisco ASA and FTD Information Disclosure Vulnerability
ACI Reporting Coverage: 11 (TECHINT, OSINT)
Additional Information:
  • 252 victims in total to date.
  • The top victim country is the United States.
  • The top victim sector is Manufacturing.

 

 

CVE ID: CVE-2020-3259
CVE Title: Cisco ASA and FTD Information Disclosure Vulnerability
NVD Severity: High
FortiRecon Severity: Critical
FortiRecon Score: 90/100
Exploited: Yes
Exploited by Ransomware Group(s): Yes (Akira Ransomware)
Exploited by APT Group(s): No
Included in CISA KEV List: Yes
Available working exploit(s): 0
Available POC exploit(s): 0
Darknet Mention(s): 0
Telegram Mention(s): 0
FortiRecon Intelligence Reporting(s): 4 (OSINT, TECHINT)
Social Media Mention(s): 4
EASM Scanner: No

 

CVE ID: CVE-2020-3580
CVE Title: Cisco ASA and FTD Cross-Site Scripting (XSS) Vulnerability
NVD Severity: MEDIUM
FortiRecon Severity: CRITICAL
FortiRecon Score: 90/100
Exploited: Yes
Exploited by Ransomware Group(s): Yes (akira ransomware operators, lockbit ransomware operators)
Exploited by APT Group(s): No
Included in CISA KEV List: Yes
Available working exploit(s): 0
Available POC exploit(s): 0
Darknet Mention(s): 0
Telegram Mention(s): 0
FortiRecon Intelligence Reporting(s): 1 (OSINT)
Social Media Mention(s): 12

 

CVE ID: CVE-2023-20269
CVE Title: Cisco Adaptive Security Appliance and Firepower Threat Defense Unauthorized Access Vulnerability
NVD Severity: Critical
FortiRecon Severity: Critical
FortiRecon Score: 90/100
Exploited: Yes
Exploited by Ransomware Group(s): Yes (Akira Ransomware)
Exploited by APT Group(s): No
Included in CISA KEV List: Yes
Available working exploit(s): 0
Available POC exploit(s): 0
Darknet Mention(s): 1 (BreachForum)
Telegram Mention(s): 0
FortiRecon Intelligence Reporting(s): 5 (OSINT, TECHINT)
Social Media Mention(s): 93
EASM Scanner: No