Pakistan Warns Critical Sectors to Secure Fortinet Systems
Pakistanโs National Computer Emergency Response Team (National CERT) has issued a critical cybersecurity advisory following a large-scale global cyber intrusion campaign targeting Fortinet FortiGate firewalls and VPN systems.
The advisory urges government institutions, banks, telecom operators, energy companies, and other critical infrastructure organizations to secure their systems immediately.
According to National CERT, security researchers discovered that nearly 74,000 internet-facing Fortinet devices across 194 countries had been compromised.
Cyber Campaign Targets Administrative Credentials
National CERT said the attackers gained access to approximately 73,932 FortiGate firewall instances by exploiting internet-exposed management interfaces and legacy credential storage mechanisms.
The advisory stated that the campaign allowed attackers to obtain administrative credentials and establish persistent access to affected networks.
According to the agency, organized cybercriminal groups are likely behind the attacks. The groups reportedly used credential harvesting, brute-force attacks, VPN password cracking, and lateral movement techniques to infiltrate enterprise networks.
Critical Sectors Face Elevated Risk
National CERT warned that organizations using internet-facing Fortinet FortiGate firewalls and SSL VPN gateways face an increased cybersecurity risk.
The advisory identified government agencies, financial institutions, telecom companies, IT firms, healthcare providers, educational institutions, manufacturers, logistics companies, and industrial operators among the sectors most vulnerable to the campaign.
Officials warned that compromised systems could lead to unauthorized administrative access, credential theft, Active Directory breaches, data theft, firewall policy manipulation, and service disruptions.
The agency also cautioned that attackers could use compromised networks to access third-party systems and expose sensitive government or corporate information.
National CERT Recommends Immediate Action
National CERT urged organizations to remove FortiGate management interfaces from public internet access without delay.
The agency also advised organizations to upgrade to the latest supported FortiOS version, reset all administrator passwords, and enable multi-factor authentication (MFA) for administrative and VPN accounts.
In addition, organizations should restrict management access to trusted networks, review firewall configurations, enable detailed logging, and monitor systems for suspicious activity.
Organizations Advised to Hunt for Threats
National CERT recommended investigating unusual administrator logins, unexpected VPN access, privilege escalation, unauthorized firewall changes, and abnormal outbound network traffic.
The advisory also encouraged organizations to rotate credentials, audit Active Directory environments, and rebuild affected devices if they cannot confidently rule out a compromise.
Officials stressed that organizations should treat the incident as a potential security breach instead of a routine software vulnerability. They also urged affected entities to report suspected incidents to National CERT immediately.
