Cybersecurity experts have identified widespread exploitation of a critical vulnerability in Fortinet’s FortiGate firewalls. The manufacturer has officially acknowledged the flaw, designated CVE-2024-55591. Despite the release of patches, attackers continue to actively exploit this vulnerability.
Analysts highlight that the exploitation began before the vendor detected the issue and issued fixes, classifying it as a zero-day vulnerability. According to research by Arctic Wolf, mass attacks have been observed since December. The firm has documented dozens of confirmed compromises, though the actual scale of the incident is likely significantly greater.
Arctic Wolf’s technical specialists have identified the vulnerability being leveraged in ransomware campaigns. Preliminary analysis suggests potential involvement of ransomware groups Akira and Fog, based on similarities in exploitation methods observed in prior investigations.
Fortinet representatives report ongoing efforts to alert clients to the critical necessity of installing security updates. While precise statistics on compromised systems and attribution of attacks remain unconfirmed, technical indicators strongly suggest ransomware operators’ involvement.
It is worth noting that Fortinet faced another security incident in September, involving the compromise of data stored in a third-party cloud environment. Amid the current campaign, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory, strongly urging administrators to immediately update vulnerable devices.
This incident underscores the paramount importance of promptly applying security updates and adopting a layered defense strategy, including stringent restrictions on external access to administrative interfaces.
