The Download
Dark Web intelligence has uncovered admin access to over 3000 compromised Fortinet SSL VPNs for sale. Earlier this year, Fortinet announced a severe vulnerability in its SSL VPN, CVE-2024-21762 with CVSS 9.6, that was being actively exploited by the Chinese hacker group known as Volt Typhoon.
Now it appears the vulnerability has been exploited on a large scale, and access to compromised gateway machines is being offered for sale. The subsequent exploitation of the severe vulnerability is not surprising. It's likely that once the adversary achieved its objective of grabbing what it needed from behind the firewall, it offered the access for sale to cash in as well.
What You Can Do
Exploitation of VPN gateways for remote access is a recurring threat we see, whether it's Fortinet, Palo Alto Networks, or Cisco. These severe vulnerabilities allow any actor on the Internet to gain access to networks behind the firewall. It is imperative that you understand your attack surface on remote access gateways, patch vulnerabilities when patches are available, and shut down remote access if a patch is not available.
To Learn More: