Published date:
The National Cyber Security Centre (NCSC) has issued guidance following reports of a global campaign targeting Fortinet firewalls and VPN gateways.
The activity involves attackers using leaked or previously compromised credentials to gain access to internet-facing devices, using techniques such as credential stuffing and brute-force attempts.
Organisations using Fortinet products are advised to review their systems urgently, monitor for unusual activity, and follow NCSC mitigation guidance to reduce risk. This includes checking for indicators of compromise, updating devices, and ensuring management interfaces are not exposed to the internet.
Further details and recommended actions are available on the NCSC website: NCSC advice on Fortinet firewalls and VPN gateways