
Weak passwords and lack of MFA exposing organisations to FortiBleed attacks — CSA

By Isaac Donkor Distinguished
FRI, 19 JUN 2026

The Cyber Security Authority (CSA) has issued a technical advisory cautioning organisations about a large-scale cybercrime campaign known as "FortiBleed" that is actively targeting Fortinet FortiGate firewalls and SSL VPN gateways.

According to the Authority, the campaign is exploiting weak credential practices to gain unauthorised access to exposed systems across multiple sectors.

The advisory, issued on June 19, noted that the threat does not rely on a newly discovered software vulnerability but instead takes advantage of password reuse and the absence of multi-factor authentication (MFA).

In the statement, the CSA said threat actors are using automated tools to scan internet-facing Fortinet devices and test them against databases of previously leaked credentials.

“A large-scale cybercrime campaign, known as ‘FortiBleed,’ is actively targeting Fortinet FortiGate firewalls and SSL VPN Gateways. The campaign leverages credential harvesting and password-spraying techniques to gain unauthorised access to exposed systems,” the Authority said.

The CSA explained that once attackers gain access, they may be able to monitor network traffic, capture authentication data and establish long-term access to compromised systems.

According to the advisory, such breaches could enable cybercriminals to move laterally across networks, escalate privileges and compromise critical internal systems, including Active Directory environments.

The Authority noted that organisations are particularly vulnerable where administrative or VPN interfaces are publicly accessible, passwords are weak or repeatedly used, and MFA is not enforced.

It urged institutions to investigate suspicious login activities, repeated failed login attempts followed by successful access, unauthorised administrator accounts and unexpected firewall configuration changes.

“Organisations may be at increased risk if administrative or VPN interfaces are publicly accessible, passwords are reused, weak, or not regularly rotated, and MFA is not enforced for remote or administrative access,” the statement said.

As part of its recommendations, the CSA advised organisations to immediately rotate administrative and VPN credentials, enforce MFA and adopt strong, unique passwords.

It also encouraged institutions to restrict administrative access to trusted IP addresses, disable unnecessary services, continuously monitor authentication logs and implement network segmentation to reduce the impact of potential breaches.
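The log review the CSA describes, repeated failed logins followed by a successful one from the same source, can be sketched as a small script. This is an added example, not part of the CSA advisory or the original article; the log lines are constructed, and the key=value layout and field names (`time`, `srcip`, `user`, `status`) are assumptions, not a guaranteed FortiGate log schema.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events, assumed to be in time order.
# The key=value layout and field names are assumptions for this example.
SAMPLE_LOG = """\
time=2026-06-19T08:00:01 srcip=203.0.113.7 user=admin status=failed
time=2026-06-19T08:00:03 srcip=203.0.113.7 user=vpnuser1 status=failed
time=2026-06-19T08:00:05 srcip=203.0.113.7 user=jdoe status=failed
time=2026-06-19T08:00:09 srcip=203.0.113.7 user=svc_backup status=success
time=2026-06-19T08:30:00 srcip=198.51.100.20 user=alice status=failed
time=2026-06-19T08:30:20 srcip=198.51.100.20 user=alice status=success
time=2026-06-19T09:00:00 srcip=192.0.2.15 user=bob status=success
"""

KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_line(line):
    """Parse one key=value line into a dict; None if a required field is missing."""
    fields = {k: v.strip('"') for k, v in KV.findall(line)}
    if not fields.keys() >= {"time", "srcip", "user", "status"}:
        return None
    fields["time"] = datetime.fromisoformat(fields["time"])
    return fields

def find_suspicious_logins(log_text, min_failures=3, window=timedelta(minutes=10)):
    """Flag a success preceded by >= min_failures failures from the same IP in window."""
    recent_failures = defaultdict(deque)  # srcip -> deque of (time, user)
    alerts = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        fails = recent_failures[ev["srcip"]]
        while fails and ev["time"] - fails[0][0] > window:
            fails.popleft()  # drop failures older than the window
        if ev["status"] == "failed":
            fails.append((ev["time"], ev["user"]))
        elif ev["status"] == "success":
            if len(fails) >= min_failures:
                alerts.append({"srcip": ev["srcip"], "user": ev["user"], "time": ev["time"],
                               "failures": len(fails), "users_tried": sorted({u for _, u in fails})})
            fails.clear()  # reset so later successes from this IP are judged afresh
    return alerts

if __name__ == "__main__":
    for alert in find_suspicious_logins(SAMPLE_LOG):
        print(alert)
```

Failures are grouped by source address rather than by account, so a spray across several usernames is still counted; the threshold and window are tuning choices to set against normal user behaviour.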


Isaac Donkor Distinguished is a journalist with a keen interest in politics, current affairs, and social issues.
