A critical new flaw in Fortinet's widely used FortiGate firewalls has been actively exploited by malicious actors, even before a patch was made available. Fortinet publicly acknowledged the issue in an advisory released on Tuesday.
While the company has now issued patches, research reports suggest that CVE-2024-55591 has been exploited as a zero-day since at least December, meaning attackers were targeting unpatched systems long before Fortinet became aware of the issue or released a fix.
Cybersecurity firm Arctic Wolf recently revealed that its researchers observed a mass exploitation campaign targeting Fortinet FortiGate firewall devices with exposed management interfaces.
These attacks appear to have occurred within a short and focused timeframe, targeting tens of thousands of devices. The report confirmed the direct tie to the CVE-2024-55591 vulnerability.
Fortinet has not disclosed the exact number of customers impacted by the hacking campaign, and the intrusion's scale remains unclear. However, a spokesperson noted that the company is “proactively communicating with customers” to ensure systems are updated and secure.
Although the origin of the attacks has yet to be identified, cybersecurity experts have flagged potential links to ransomware operators, with speculation on Mastodon that CVE-2024-55591 is being exploited by a ransomware actor.
Arctic Wolf's investigation further highlighted connections to affiliates of known ransomware groups such as Akira and Fog, which have previously used similar methods for network infiltration. The report also indicated that ransomware campaigns exploiting the newly reported bug are expected.
In November, a critical FortiClient for Windows vulnerability allowed hackers to exfiltrate VPN credentials from compromised environments and distribute malware.