NCSC Issues Advice Following Global Targeting of Fortinet Firewalls and VPN Gateways
The UK NCSC published an alert on June 18 (updated June 22) urging organizations using Fortinet services to take action against a global campaign hitting FortiGate firewalls and VPN gateways with SSL VPN enabled.
At a glance
- NCSC issued advice on June 18 after global targeting of FortiGate firewalls and SSL VPN gateways.
- A threat actor leaked a credentials database built via brute-force, dictionary and credential-stuffing attempts.
- NCSC recommends factory-resetting affected devices rather than just changing credentials.
VERDICT — CONFIRMED
The UK NCSC published an alert on June 18 (updated June 22) urging organizations using Fortinet services to take action against a global campaign hitting FortiGate firewalls and VPN gateways with SSL VPN enabled. Per the alert, a threat actor leaked a database of credentials assembled through brute-force, dictionary and credential-stuffing attempts, with some indications of potential impact in the UK. NCSC advises checking for indicators of compromise including unauthorized accounts, factory-resetting affected devices rather than only changing credentials, isolating compromised devices, and hardening by disabling internet-exposed management interfaces and enforcing multi-factor authentication.
Key facts on file
- NCSC issued advice on June 18 after global targeting of FortiGate firewalls and SSL VPN gateways.
- A threat actor leaked a credentials database built via brute-force, dictionary and credential-stuffing attempts.
- NCSC recommends factory-resetting affected devices rather than just changing credentials.