According to Arctic Wolf Labs researchers, malicious activity against Fortinet firewalls began in mid-November 2024.
Threat actors also created new SSL VPN portals where the user accounts were added directly.
According to the cybersecurity company, the threat actors have been removed from affected systems before they can proceed.
Artic Wolf Labs notified Fortinet about the activity observed in this campaign on December 12, 2024.
It also advises regularly upgrading the firmware on firewall devices to the latest version to protect against known vulnerabilities.
source: www.techworm.net
