Today's cybersecurity headlines are brought to you by ThreatPerspective


Ethical Hacking News

Miscreants Mass Exploit Fortinet Firewalls Using Highly Probable Zero-Day Vulnerability



Miscreants have been exploiting Fortinet firewalls using a highly probable zero-day vulnerability, compromising hundreds to thousands of devices. The attack highlights the need for constant vigilance against such threats and underscores the importance of staying up to date with software patches and robust security measures.

  • Fortinet firewalls were exploited using a highly probable zero-day vulnerability.
  • A cluster of intrusions affecting Fortinet devices was observed, with most occurring within three days of each other.
  • The attackers gained access to Fortinet firewalls with internet-exposed management interfaces and stole credentials for lateral movement through the victims' networks.
  • The incident highlights the importance of keeping software up to date and patched.
  • Ransomware is suspected to be an option for the attackers, but attributing the attack to a specific group is challenging due to common network providers being used by multiple criminal organizations.



    Fortinet firewalls, a popular choice among businesses and organizations for securing their networks, have recently been exploited by miscreants using a highly probable zero-day vulnerability. The incident has sent shockwaves through the cybersecurity community, highlighting the need for constant vigilance against such attacks.

    According to security researchers at Arctic Wolf Labs, a cluster of intrusions affecting Fortinet devices, numbering in the tens, was observed early last month, with most occurring within three days of each other. The affected victim organizations saw somewhere between hundreds and thousands of malicious login events on their FortiGate firewalls. While this number represents only a limited sample compared to the total number of devices likely affected, it underscores the severity of the threat.

    The attackers gained access to Fortinet firewalls with internet-exposed management interfaces, altered firewall configurations, used SSL VPN tunnels to maintain connections to the compromised devices, and then began stealing credentials for lateral movement through the victims' networks. The exact details of the intrusions are still being figured out by security researchers.
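    The chain described above (admin logins on an exposed management interface, configuration changes, new accounts, and SSL VPN tunnels from them) is visible in the firewall's own event logs. As an added illustration, and not code from the original article or from Arctic Wolf's or Fortinet's tooling, the Python script below runs three checks over constructed FortiGate-style event log lines: a burst of failed admin logins from outside the management range, configuration changes made by a session that authenticated from outside that range, and an SSL VPN tunnel established by an account created during the same window. The field names follow common FortiGate event-log fields; the management network range, the failed-login threshold and every log line are assumptions constructed for the example.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# FortiGate event logs are space-separated key=value pairs with quoted values.
# Field names used here (logdesc, user, ui, action, status, cfgpath, cfgobj,
# remip) follow common FortiGate event-log fields; the sample lines below are
# constructed for this example and are not real telemetry.
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')
UI_IP_RE = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\)")

# Assumption: administrators only ever connect from this management range.
TRUSTED_MGMT_NETS = [ipaddress.ip_network("10.0.0.0/8")]
FAILED_LOGIN_THRESHOLD = 5  # assumed tuning value, not a vendor default

# Constructed sample: a normal admin session, then an untrusted source guessing
# the admin password, creating accounts, and bringing up an SSL VPN tunnel.
SAMPLE_LOGS = """\
date=2024-12-02 time=02:10:11 devname="fw-edge-01" type="event" subtype="system" logdesc="Admin login successful" user="netops" ui="https(10.20.5.7)" action="login" status="success"
date=2024-12-02 time=02:11:40 devname="fw-edge-01" type="event" subtype="system" logdesc="Object attribute configured" user="netops" ui="https(10.20.5.7)" action="Edit" cfgpath="firewall.policy" cfgobj="12" cfgattr="comments[maintenance]"
date=2024-12-02 time=03:14:01 devname="fw-edge-01" type="event" subtype="system" logdesc="Admin login failed" user="admin" ui="https(203.0.113.45)" action="login" status="failed"
date=2024-12-02 time=03:14:02 devname="fw-edge-01" type="event" subtype="system" logdesc="Admin login failed" user="admin" ui="https(203.0.113.45)" action="login" status="failed"
date=2024-12-02 time=03:14:03 devname="fw-edge-01" type="event" subtype="system" logdesc="Admin login failed" user="admin" ui="https(203.0.113.45)" action="login" status="failed"
date=2024-12-02 time=03:14:05 devname="fw-edge-01" type="event" subtype="system" logdesc="Admin login failed" user="admin" ui="https(203.0.113.45)" action="login" status="failed"
date=2024-12-02 time=03:14:07 devname="fw-edge-01" type="event" subtype="system" logdesc="Admin login failed" user="admin" ui="https(203.0.113.45)" action="login" status="failed"
date=2024-12-02 time=03:14:09 devname="fw-edge-01" type="event" subtype="system" logdesc="Admin login successful" user="admin" ui="https(203.0.113.45)" action="login" status="success"
date=2024-12-02 time=03:15:30 devname="fw-edge-01" type="event" subtype="system" logdesc="Object attribute configured" user="admin" ui="https(203.0.113.45)" action="Add" cfgpath="system.admin" cfgobj="svc_backup" cfgattr="accprofile[super_admin]"
date=2024-12-02 time=03:16:02 devname="fw-edge-01" type="event" subtype="system" logdesc="Object attribute configured" user="admin" ui="https(203.0.113.45)" action="Add" cfgpath="user.local" cfgobj="vpn_svc" cfgattr="type[password]"
date=2024-12-02 time=03:20:44 devname="fw-edge-01" type="event" subtype="vpn" logdesc="SSL VPN tunnel up" action="tunnel-up" tunneltype="ssl-tunnel" user="vpn_svc" remip="203.0.113.45" tunnelip="10.212.134.200"
"""


def parse(line):
    """Turn one key=value log line into a dict, dropping surrounding quotes."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}


def source_ip(event):
    """Client address: the ui field for admin events, remip for VPN events."""
    m = UI_IP_RE.search(event.get("ui", ""))
    return m.group(1) if m else event.get("remip")


def is_trusted(ip):
    """True when the address falls inside the assumed management range."""
    if not ip:
        return False
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_MGMT_NETS)


def finding(rule, when, ip, detail):
    return {"rule": rule, "time": when, "src": ip, "detail": detail}


def analyze(log_text):
    """Run the checks over a block of log text and return a list of findings."""
    findings = []
    failed_by_ip = defaultdict(int)
    untrusted_sessions = set()  # (user, ip) pairs that authenticated from outside the range
    new_accounts = set()        # accounts created inside the analysed window
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse(line)
        ip = source_ip(ev)
        when = f'{ev.get("date")} {ev.get("time")}'
        if ev.get("action") == "login":
            if is_trusted(ip):
                continue
            if ev.get("status") == "failed":
                failed_by_ip[ip] += 1
                if failed_by_ip[ip] == FAILED_LOGIN_THRESHOLD:
                    findings.append(finding("admin_login_burst", when, ip,
                                            f'{FAILED_LOGIN_THRESHOLD} failed logins for {ev.get("user")}'))
            elif ev.get("status") == "success":
                untrusted_sessions.add((ev.get("user"), ip))
                findings.append(finding("admin_login_untrusted_source", when, ip,
                                        f'{ev.get("user")} logged in outside management range'))
        elif ev.get("logdesc") == "Object attribute configured":
            change = f'{ev.get("action")} {ev.get("cfgpath")} {ev.get("cfgobj")}'
            if (ev.get("user"), ip) in untrusted_sessions:
                findings.append(finding("config_change_untrusted_session", when, ip, change))
            if ev.get("action") == "Add" and ev.get("cfgpath") in ("system.admin", "user.local"):
                new_accounts.add(ev.get("cfgobj"))
                findings.append(finding("account_created", when, ip, change))
        elif ev.get("action") == "tunnel-up" and ev.get("user") in new_accounts:
            findings.append(finding("vpn_tunnel_new_account", when, ip,
                                    f'{ev.get("user")} opened a tunnel from {ip}'))
    return findings


def count_by_rule(findings):
    """Summarise findings as {rule: count} for reporting or assertions."""
    return dict(Counter(f["rule"] for f in findings))


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOGS):
        print(f'{f["time"]} {f["rule"]:32} {f["src"]:15} {f["detail"]}')
```

    The trusted netops session in the sample produces no findings, while the untrusted source trips all three checks in sequence. In practice the management range, the threshold and the list of configuration paths worth alerting on would be tuned to the environment, and the logs would come from the firewall's syslog or FortiAnalyzer feed rather than an embedded string.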

    While the initial access vector used in this campaign is not yet confirmed, Arctic Wolf Labs assesses with high confidence that mass exploitation of a zero-day vulnerability is likely, given the compressed timeline across affected organizations as well as the firmware versions affected. Affected firmware versions range from 7.0.14, released in February 2024, to 7.0.16, released in October 2024.

    The use of a zero-day vulnerability highlights the importance of keeping software up to date and patched. Fortinet has yet to link the malicious activity to a specific flaw, assign a CVE, or patch a related hole. However, security researchers have observed that some of the same network providers were used by Akira and Fog ransomware affiliates in earlier research.

    The incident serves as a reminder that even well-established companies can be vulnerable to attacks. The attackers' ultimate objective is not yet known, though ransomware is suggested as one possibility. Arctic Wolf Labs' threat hunter, Stefan Hostetler, cautioned that attributing the attack to a specific group is challenging due to the use of common network providers by multiple criminal organizations.

    The incident highlights the need for cybersecurity awareness and vigilance among businesses and individuals. Regularly updating software, using strong passwords, and monitoring network activity can help prevent such attacks. Furthermore, investing in robust security measures, including intrusion detection systems and threat intelligence services, can aid in detecting and responding to such incidents.

    In conclusion, the recent exploitation of Fortinet firewalls by miscreants using a highly probable zero-day vulnerability serves as a wake-up call for the cybersecurity community. It emphasizes the importance of staying vigilant, keeping software up to date, and investing in robust security measures to protect against such threats.



    Related Information:

  • https://go.theregister.com/feed/www.theregister.com/2025/01/14/miscreants_mass_exploited_fortinet_firewalls/


  • Published: Mon Jan 13 20:40:39 2025 by llama3.2 3B Q4_K_M
    © Ethical Hacking News . All rights reserved.