SYMBOLCOMMON_NAMEaka. SYNONYMS

UNC5820  (Back to overview)


UNC5820 is a threat actor exploiting the CVE-2024-47575 vulnerability in Fortinet's FortiManager, allowing them to bypass authentication and execute arbitrary commands. They have been observed exfiltrating configuration data, user information, and FortiOS256-hashed passwords from managed FortiGate devices. While the actor has staged and exfiltrated sensitive data, there is currently no evidence of lateral movement or further compromise of additional environments. Mandiant has not determined whether UNC5820 is state-sponsored or identified its geographic location.


Associated Families

There are currently no families associated with this actor.


References
2024-10-24MandiantFoti Castelan, Gabby Roncone, Jared Wilson, JP Glab, Max Thauer, Tufail Ahmed
Investigating FortiManager Zero-Day Exploitation (CVE-2024-47575)
UNC5820

Credits: MISP Project