Fortinet, the prominent American cybersecurity company, has recently found itself at the center of a media storm after reports emerged suggesting it exposed its customers to a significant cyber threat. The controversy was triggered by Arctic Wolf, a competing firm in the cybersecurity industry, which disclosed the details of the threat.
According to Arctic Wolf, cybercriminals have been exploiting zero-day vulnerabilities in FortiGate devices. These attackers have been intercepting the firewalls, altering configurations, and using DCSync to extract credentials. The attack appears to be highly sophisticated, enabling hackers to create new accounts, gain VPN access via SSL, and manipulate firewall configurations at will.
Security experts from Arctic Wolf believe that the attack could have been ongoing since November 2024. However, they remain uncertain about whether this resulted in a data breach or any significant compromise of data.
Fortinet has responded by confirming that the threat is limited to FortiGate devices running firmware versions 7.0.14 and 7.0.16, which were released in February and October of the previous year. The company also identified that the threat involved super admin credentials created after November 21, 2024. Fortinet is now in the process of notifying customers and investigating any potential discrepancies.
In addition, Fortinet is advising customers to stop exposing their firewall management interfaces to public IP addresses and to restrict access to trusted users only. The security issue is believed to have originated from a vulnerability in the Fortinet Wireless Manager, which was discovered in December 2024.
For those unfamiliar with Fortinet, the company is known for creating FortiGate, the first physical firewall, which was founded in 2000 by brothers Ken and Michael Xie. Over the years, the company expanded its portfolio to include wireless access points, sandboxes, and various security solutions for messaging.
This is not the first time Fortinet has been embroiled in a security breach controversy. In September 2024, a hacker using the name “Fortibitch” was reported to have accessed 440GB of data from Fortinet’s Microsoft SharePoint server, affecting a limited number of individuals.
