Attackers Maintaining Access to Fully Patched Fortinet Gear

Attackers are using a technique to maintain remote access to hacked Fortinet devices, even after patching. They plant symbolic links on compromised devices, allowing them to exploit known vulnerabilities and maintain read-only access. Fortinet recommends upgrading to specific FortiOS versions to block the attack vector and reviewing device configurations for potential compromise.