Fortinet has issued a warning about a new method that attackers are utilizing to maintain read-only access to vulnerable FortiGate devices, even after the initial security vulnerabilities used for exploitation have been patched. These attackers have exploited known security flaws, including some that were patched as recently as 2024, to create symlinks that link user and root filesystems.
These modifications allow attackers to bypass detection and retain read-only access to various files on the device, including sensitive configurations. However, customers who have never activated SSL-VPN features are not affected. Fortinet’s investigation indicates that this activity is not targeted toward specific regions or industries, and the company has directly notified the affected customers.
In response to this ongoing threat, Fortinet has rolled out software updates across various FortiOS versions, aimed at automatically flagging malicious symlinks and preventing their creation through the SSL-VPN user interface.
Fortinet advises all customers to update their devices to versions 7.6.2, 7.4.7, 7.2.11, 7.0.17, or 6.4.16, and to treat their configurations as potentially compromised. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has also urged users to reset any exposed credentials and consider disabling SSL-VPN access until patches can be applied. France’s Computer Emergency Response Team (CERT-FR) confirmed awareness of these vulnerabilities, noting that some of the compromises date back to early 2023.
Benjamin Harris, CEO of watchTowr, emphasized two significant concerns: the rapid tempo of exploitation that outpaces organizational patching efforts, and the emerging trend of attackers setting up persistent backdoors that survive standard recovery processes. He reported instances of such backdoors across organizations considered critical infrastructure, raising alarms about overall cybersecurity threats.
This incident serves as a stark reminder of the evolving challenges organizations face in securing their networks against sophisticated attacks.
Welcome to DediRock, your trusted partner in high-performance hosting solutions. At DediRock, we specialize in providing dedicated servers, VPS hosting, and cloud services tailored to meet the unique needs of businesses and individuals alike. Our mission is to deliver reliable, scalable, and secure hosting solutions that empower our clients to achieve their digital goals. With a commitment to exceptional customer support, cutting-edge technology, and robust infrastructure, DediRock stands out as a leader in the hosting industry. Join us and experience the difference that dedicated service and unwavering reliability can make for your online presence. Launch our website.