NCSC issues advice following global targeting of Fortinet firewalls and VPN gateways
Organisations using Fortinet services are being urged to take action following a campaign affecting firewalls and VPN gateways.
Fortinet firewalls and VPN gateways have been targeted as part of a global campaign, with some indications of potential impact in the UK.
A database of credentials has been leaked by a threat actor following brute-force, dictionary and credential stuffing attempts against internet-facing FortiGate and VPN portals.
Credential stuffing is a method where attackers use passwords stolen from one web service to try to access accounts on other services, taking advantage of any reuse of username and password combinations.
Determine if your Fortinet device is compromised by looking for common Indicators of Compromise (IoC), including unauthorised account creation, and unexpected activity in log files. (See: Technical Tip: Collect Indicators of Compromise (IoC))
Who is affected?
Organisations using these products should prioritise investigating whether they have been affected and, as soon as possible, follow mitigation advice to help defend against the threat.
You can visit the following website to assess whether you may have been affected:
I am one of the editors here at www.systemtek.co.uk I am a UK based technology professional, with an interest in computer security and telecoms.