Zero-Day Vulnerability Suspected in Attacks on Fortinet Firewalls with Exposed Interfaces

A new campaign targets Fortinet FortiGate firewall devices with exposed management interfaces, likely exploiting a zero-day vulnerability. The attackers gain unauthorized access, create new accounts, and establish SSL VPN tunnels for lateral movement, ultimately extracting credentials using DCSync. To mitigate similar risks, organizations are advised to limit both the exposure of firewall management interfaces and access to them.
