KRVTZ-NET IDS Alerts Analysis: Network Scanning and Exploitation Attempts
Multiple IDS alerts on March 13, 2026 indicate potential network reconnaissance and vulnerability exploitation attempts against Fortigate VPN (CVE-2023-27997) and ColdFusion servers, originating from various IP addresses.
On March 13, 2026, KRVTZ-NET IDS systems generated a series of alerts indicative of network scanning and attempted exploitation. The alerts highlight suspicious activity originating from a range of IP addresses, suggesting a widespread campaign rather than a targeted attack from a single actor. Specific alerts include repeated GET requests to /remote/logincheck, potentially targeting the Fortigate VPN vulnerability CVE-2023-27997, as well as requests for hidden environment files and attempts…
Detection coverage: 3
Detect Suspicious User Agent Strings (severity: medium)
Detects requests with suspicious user agent strings such as '_TEST_' and 'InfoBot'.
Detect ColdFusion Componentutils Access (severity: high)
Detects access to the ColdFusion componentutils endpoint, potentially indicating vulnerability exploitation attempts.
Detect Request to Hidden Environment File (severity: medium)
Detects requests to hidden environment files (.env), indicating a potential information leakage attempt.
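The following is an added example, not the platform's own rules: a triage script that applies the behaviours named above, plus the /remote/logincheck requests from the summary, to web access logs and groups distinct source IPs per behaviour. The Combined Log Format input, the matching logic, the rule names and the sample lines are assumptions of this example.

```python
import re
from collections import defaultdict

# Combined Log Format: ip ident user [time] "METHOD path proto" status size "referer" "ua"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
ENV_RE = re.compile(r"/\.env(\.[\w-]+)?$")  # /.env, /app/.env.production, ...

def _path(rec):
    return rec["path"].split("?", 1)[0]  # ignore the query string

# Strings come from the brief; how they are matched is this example's assumption.
RULES = {
    "suspicious_user_agent": lambda r: "_TEST_" in r["ua"] or "infobot" in r["ua"].lower(),
    "coldfusion_componentutils": lambda r: "componentutils" in _path(r).lower(),
    "hidden_env_file": lambda r: ENV_RE.search(_path(r)) is not None,
    "fortigate_logincheck": lambda r: r["method"] == "GET" and _path(r) == "/remote/logincheck",
}

def classify(line):
    # Returns (source_ip, [matched rule names]), or None if the line does not parse.
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    return rec["ip"], [name for name, pred in RULES.items() if pred(rec)]

def scan(lines):
    # Distinct source IPs per rule; unparsed lines are counted, not silently dropped.
    hits, unparsed = defaultdict(set), 0
    for line in lines:
        result = classify(line)
        if result is None:
            unparsed += 1
            continue
        for name in result[1]:
            hits[name].add(result[0])
    return {name: sorted(ips) for name, ips in hits.items()}, unparsed

# Constructed sample lines (documentation IP ranges), not taken from the brief.
SAMPLE = [
    '192.0.2.10 - - [13/Mar/2026:04:11:02 +0000] "GET /remote/logincheck HTTP/1.1" 404 153 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [13/Mar/2026:04:12:40 +0000] "GET /.env HTTP/1.1" 404 153 "-" "_TEST_"',
    '203.0.113.5 - - [13/Mar/2026:04:15:09 +0000] "POST /CFIDE/componentutils/ HTTP/1.1" 403 0 "-" "InfoBot/1.0"',
    '192.0.2.44 - - [13/Mar/2026:04:20:31 +0000] "GET /docs/environment.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    'garbage line',
]
if __name__ == "__main__":
    print(scan(SAMPLE))
```

Many distinct source IPs under one rule is the pattern the summary reads as a widespread campaign; the unparsed count shows how much of the log the parser could not read.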
Indicators of compromise: 13
ip