Forwarded: National Information Security Analysis and Sharing Center Information Security Alert NISAC-400-202606-00000006
[Description]
Researchers have discovered that attackers are conducting large-scale credential theft attacks targeting Fortinet firewalls and VPN devices. The attackers are suspected to have obtained account and password data for these devices and to be using it to break the devices' protection mechanisms on a large scale.
Please use the following query tool to confirm whether your devices have been exposed, and promptly take remediation measures. Tool link: https://www.hudsonrock.com/fortinet
[Affected Platform]
All Fortinet devices
[Recommended Measures]
1. Hide the management interface: Promptly confirm whether the device management interface is exposed to the Internet, and remove it from the public Internet, allowing access only from trusted IPs or via a jump server/VPN.
2. Fully reset device passwords: Immediately change all administrator passwords for Fortinet device management interfaces and VPNs.
3. Enable Multi-Factor Authentication (MFA): It is recommended to enable multi-factor authentication for all remote access and administrator accounts.
4. Force the hashing algorithm upgrade: After upgrading FortiOS, require all administrators to log in to the firewall at least once; the system will automatically upgrade the password hashing method to the more secure PBKDF2 algorithm.
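
Why measure 4 requires a login per administrator: a stored hash can only be re-computed with a stronger algorithm at the moment the plaintext password is presented. The Python sketch below is an added illustration, not Fortinet's code; the `legacy$`/`pbkdf2$` record formats, the iteration count, the account names and the passwords are all constructed assumptions. It also shows how to list accounts that have not yet been migrated.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor for this sketch


def legacy_hash(password: str, salt: bytes) -> str:
    # Hypothetical legacy scheme: a single salted SHA-256 pass (fast to brute-force).
    digest = hashlib.sha256(salt + password.encode()).hexdigest()
    return f"legacy${salt.hex()}${digest}"


def pbkdf2_hash(password: str, salt: bytes, iterations: int = PBKDF2_ITERATIONS) -> str:
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2${iterations}${salt.hex()}${dk.hex()}"


def verify(password: str, stored: str) -> bool:
    scheme, *fields = stored.split("$")
    if scheme == "legacy":
        candidate = legacy_hash(password, bytes.fromhex(fields[0]))
    elif scheme == "pbkdf2":
        candidate = pbkdf2_hash(password, bytes.fromhex(fields[1]), int(fields[0]))
    else:
        return False
    return hmac.compare_digest(candidate, stored)  # constant-time comparison


def login(store: dict, user: str, password: str) -> bool:
    stored = store.get(user)
    if stored is None or not verify(password, stored):
        return False
    if not stored.startswith("pbkdf2$"):
        # The plaintext exists only during a successful login, so this is the
        # one point where the record can be rewritten with the stronger KDF.
        store[user] = pbkdf2_hash(password, os.urandom(16))
    return True


def pending_upgrade(store: dict) -> list:
    # Accounts still on the legacy scheme: their owners have not logged in yet.
    return sorted(u for u, h in store.items() if not h.startswith("pbkdf2$"))


def sample_store() -> dict:
    # Constructed sample data, not real credentials.
    return {
        "admin": legacy_hash("Constructed-Pass-1", b"\x01" * 16),
        "backup-admin": legacy_hash("Constructed-Pass-2", b"\x02" * 16),
    }
```

Any account still returned by `pending_upgrade` after the upgrade window keeps a weak hash on the device and should be forced to log in, reset, or removed.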
[References]
1. https://www.hudsonrock.com/fortinet