Fortinet Firewall Fiasco: When Hackers Play Peekaboo with Your Security

Threat hunters are spotlighting a new campaign targeting Fortinet FortiGate firewalls with public-facing management interfaces. These digital mischief-makers have been making unauthorized admin logins and creating super admin accounts like they’re collecting trading cards. A key red flag? Extensive use of the jsconsole interface from some sketchy IP addresses.

Hot Take:

Looks like Fortinet FortiGate firewalls have been caught with their management interfaces down, thanks to a mysterious new campaign from cybercriminals. If your firewall’s management interfaces are exposed to the internet, it’s like putting up a “Welcome Hackers” sign on your network. Time to lock those doors before someone helps themselves to all your data!

Key Points:

  • Threat actors targeted Fortinet FortiGate firewalls with exposed management interfaces.
  • The attackers created super admin accounts to alter firewall configurations.
  • SSL VPN access was exploited for lateral movement using DCSync.
  • The campaign likely involved a zero-day vulnerability.
  • Targeting was indiscriminate, affecting a wide range of organization profiles.

The Nimble Nerd