A major cyberattack targeting Fortinet firewalls could allow hackers to break into organizations, steal sensitive information, change security settings, and even disrupt critical services.
Pakistan’s National Cyber Emergency Response Team (National CERT) is warning organizations to act immediately, saying affected systems should be treated as potentially compromised rather than simply vulnerable.
The advisory warns of a large-scale global intrusion campaign targeting Fortinet FortiGate firewalls and their SSL VPN services. According to National CERT, 73,932 Fortinet firewall instances across 194 countries have already been compromised, exposing sensitive credentials and allowing unauthorized access to enterprise and critical infrastructure networks.
According to the advisory, cybercriminal groups are carrying out widespread password theft, brute-force login attempts, VPN password cracking, and other activities to break into networks. Security researchers found that attackers exploited FortiGate management interfaces that were exposed to the internet, along with older credential storage methods, to gain administrator access and maintain long-term control over affected systems.
National CERT has classified the threat as critical, saying it poses serious risks to government agencies, financial institutions, telecom operators, healthcare providers, educational institutions, and other organizations that rely on Fortinet security devices. The advisory also warns that if a management interface is exposed to the internet, attackers do not need any user interaction to begin the attack.
The agency said compromised organizations could face unauthorized administrator access, theft of sensitive information, changes to firewall security policies, and disruption of critical services. It also warned that attackers could spread deeper into an organization’s network, compromise Active Directory systems used to manage users and devices, and install backdoors to maintain long-term access.
Security experts have identified several signs that a system may have been compromised. These include administrator logins from unusual locations, suspicious VPN activity, the creation of unauthorized administrator accounts, unexpected firewall configuration changes, and abnormal outbound network traffic. Organizations have been urged to investigate any of these warning signs immediately.
To reduce the risk, National CERT recommends removing FortiGate management interfaces from public internet access, updating to the latest supported FortiOS version, enabling multi-factor authentication, and resetting all administrator passwords. The advisory also stresses the importance of continuous monitoring, threat hunting, and regularly reviewing firewall and VPN logs for suspicious activity.
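The indicators listed above (administrator logins from unusual locations, unauthorized administrator accounts, unexpected configuration changes, suspicious VPN activity) and the advisory's call to review firewall and VPN logs can be turned into a first-pass triage script. The following is an added example, not part of the advisory or of any Fortinet tooling. The log lines are constructed, and the key=value layout and field names (logdesc, srcip, remip, cfgpath, cfgobj, action, status) are an assumption that approximates FortiOS event logs; the trusted management networks and the brute-force threshold are likewise assumptions to be replaced with the values that fit a given environment.

```python
"""Triage FortiOS-style event log lines for the compromise indicators named
in the advisory: admin logins from untrusted sources, new admin accounts,
firewall policy changes, and SSL VPN brute-force bursts.

Added example, not from the advisory or Fortinet. The log lines are
constructed; the key=value layout and field names approximate FortiOS event
logs and are an assumption here.
"""
import ipaddress
import re
from collections import Counter

# Networks from which administrator logins are expected (assumption: a
# management VLAN plus one jump host). Any other source is an indicator.
TRUSTED_ADMIN_NETS = [ipaddress.ip_network("10.0.0.0/24"),
                      ipaddress.ip_network("192.0.2.10/32")]

# Failed SSL VPN logins from one remote IP at or above this count are
# treated as password spraying or brute force (assumed threshold).
VPN_FAIL_THRESHOLD = 5

# Constructed sample log lines (not real device output).
SAMPLE_LOGS = [
    'date=2025-11-03 time=08:01:10 type="event" subtype="system" logdesc="Admin login successful" user="admin" srcip=10.0.0.15 method="https" status="success"',
    'date=2025-11-03 time=02:14:52 type="event" subtype="system" logdesc="Admin login successful" user="admin" srcip=198.51.100.77 method="https" status="success"',
    'date=2025-11-03 time=02:15:30 type="event" subtype="system" logdesc="Object attribute configured" user="admin" srcip=198.51.100.77 action="Add" cfgpath="system.admin" cfgobj="svc_backup" cfgattr="accprofile[super_admin]"',
    'date=2025-11-03 time=02:16:05 type="event" subtype="system" logdesc="Object attribute configured" user="svc_backup" srcip=198.51.100.77 action="Edit" cfgpath="firewall.policy" cfgobj="7" cfgattr="action[deny->accept]"',
] + [
    f'date=2025-11-03 time=03:{i:02d}:00 type="event" subtype="vpn" logdesc="SSL VPN login fail" user="jsmith" remip=203.0.113.9 status="failure"'
    for i in range(6)
] + [
    # One failure followed by success: a typo, not an attack, so no finding.
    'date=2025-11-03 time=09:30:00 type="event" subtype="vpn" logdesc="SSL VPN login fail" user="alee" remip=203.0.113.44 status="failure"',
    'date=2025-11-03 time=09:30:20 type="event" subtype="vpn" logdesc="SSL VPN tunnel up" user="alee" remip=203.0.113.44 status="success"',
]

# key=value pairs; values are either double-quoted (may contain spaces) or bare.
_KV = re.compile(r'(\w+)=("([^"]*)"|(\S+))')


def parse_fortilog(line):
    """Split one key=value log line into a dict, stripping value quotes."""
    return {m.group(1): m.group(3) if m.group(3) is not None else m.group(4)
            for m in _KV.finditer(line)}


def is_trusted_source(ip_text):
    """True if the address falls inside one of the expected admin networks."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # missing or malformed source: never trust by default
    return any(ip in net for net in TRUSTED_ADMIN_NETS)


def triage(lines, trusted_check=is_trusted_source, vpn_threshold=VPN_FAIL_THRESHOLD):
    """Return (severity, rule, detail) findings for the given log lines."""
    findings = []
    vpn_failures = Counter()
    for raw in lines:
        ev = parse_fortilog(raw)
        desc = ev.get("logdesc", "")
        src = ev.get("srcip", "")
        stamp = f'{ev.get("date", "?")} {ev.get("time", "?")}'
        if desc == "Admin login successful" and not trusted_check(src):
            findings.append(("high", "admin_login_untrusted_source",
                             f'{stamp} user={ev.get("user")} from {src}'))
        elif ev.get("cfgpath") == "system.admin" and ev.get("action") == "Add":
            findings.append(("critical", "admin_account_created",
                             f'{stamp} {ev.get("cfgobj")} added by {ev.get("user")} '
                             f'from {src} ({ev.get("cfgattr")})'))
        elif ev.get("cfgpath", "").startswith("firewall.") and \
                ev.get("action") in ("Add", "Edit", "Delete"):
            findings.append(("high", "firewall_policy_changed",
                             f'{stamp} {ev.get("cfgpath")} {ev.get("cfgobj")} '
                             f'{ev.get("action")} by {ev.get("user")} from {src}'))
        elif desc == "SSL VPN login fail":
            vpn_failures[ev.get("remip", "?")] += 1
    # Aggregate VPN failures per remote IP after the pass over all lines.
    for ip, count in sorted(vpn_failures.items()):
        if count >= vpn_threshold:
            findings.append(("medium", "sslvpn_bruteforce",
                             f"{count} failed SSL VPN logins from {ip}"))
    return findings


if __name__ == "__main__":
    for severity, rule, detail in triage(SAMPLE_LOGS):
        print(f"[{severity}] {rule}: {detail}")
```

On the constructed input the script reports four findings: the 02:14 administrator login from 198.51.100.77, the super_admin account svc_backup created a minute later from the same address, the policy 7 change made by that new account, and six failed SSL VPN logins from 203.0.113.9; the single failure from 203.0.113.44 stays below the threshold. In practice the same rules should run over logs shipped off the device (FortiAnalyzer or a SIEM), because an attacker with administrator access can clear local logs.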
National CERT Pakistan has directed all affected organizations to treat the incident as a potential compromise instead of a routine software vulnerability. The agency also urged organizations to immediately report any suspected compromise, unauthorized access, or other malicious activity to the national incident response team for further investigation and coordination.