Friday July 23rd, Nuspire’s security operations team was notified by Recorded Future, a source for Nuspire’s threat intelligence about a communication from a known threat actor and an infrastructure suspected to belong to Fortinet – one of Nuspire’s partners.
Nuspire security operations team acted immediately with a comprehensive threat hunting operation using the suspected attacker profile. We found no indicators of compromise in either the Nuspire environment or our managed client environments. In parallel, we contacted Fortinet to determine their ongoing response activities and any proactive remediation steps needed from Nuspire or Nuspire’s clients and partners.
After consulting with the Fortinet information security team, Nuspire was informed that an internal investigation validated that the alluded traffic between the 3 malicious sites and Fortinet reported by Recorded Future were initiated by a Fortinet malware research team as part of legitimate and controlled activities, and that there was no compromise to the Fortinet network.
As always we will continue to monitor our threat intelligence platforms for any signs of abnormal behavior and will always proactively act to protect our clients and partners.