FortiGate Devices Exploited to Breach Networks and Steal Service Account Credentials
Summary
Threat actors are exploiting FortiGate Next-Generation Firewall (NGFW) appliances as initial access points into victim networks. The campaign leverages recently disclosed vulnerabilities or weak credentials to gain access, then steals service account credentials and maps network topology by extracting the devices' configuration files.
IFF Assessment
Attackers are actively exploiting common firewall devices and potentially weak credential management to gain unauthorized access, posing a direct threat to network security.
Defender Context
The campaign highlights the critical importance of keeping firewall firmware updated and rigorously managing credentials, especially service accounts. Defenders should monitor for unusual outbound traffic or configuration changes originating from their FortiGate devices and enforce strong authentication policies.