FortiRecon is a digital risk protection (DRP) service that allows customers to gain visibility of their digital attack surface, receive targeted threat intelligence, and reduce organisational risk.
FortiRecon provides outside-in coverage for risks towards customers.
Adversary Centric Intelligence (ACI): leverages FortiGuard Threat Analysis to provide comprehensive coverage of dark web, open-source, and technical threat intelligence, including threat actor insights to enable organizations to respond proactively assess risks, respond faster to incidents, better understand their attackers, and guard assets.
Ransomware Intelligence Module under Adversary Centric Intelligence (ACI) provides insights on Ransomware Groups and its victims, which enables organizations to monitor supply chain risk and better understand ransomware landscape.
Adversary
Hive Ransomware
Description
The Hive ransomware gang has been active since mid-2021. The gang and its affiliates started targeting organizations that experienced high downtime costs, such as Manufacturing, Healthcare providers, Energy providers and Retailers. The group is known for its aggressive tactics and has been observed using methods such as “triple extortion,” whereby the attackers seek money not only from the organization that was first targeted but also from anyone who might be impacted by the disclosure of that organization’s data.
Exploited Vulnerabilities
CVE-2021-34473: Microsoft Exchange Server code execution
CVE-2021-34523: Microsoft Exchange Server privilege escalation
CVE-2021-31207: Microsoft Exchange Server security bypass
CVE-2020-12812: Fortinet FortiOS security bypass
CVE-2021-42321: Microsoft Exchange Server code execution
CVE-2021-31297: Microsoft Exchange Server code execution
