DFN-CERT<p>CERT.at investigates ransomware attacks via critical Fortinet vulnerabilities (FortiOS, FortiProxy) and recommends urgent forensic investigations of all devices that didn't have FortiOS 7.0.16 installed before 2025-01-27, when the PoC for CVE-2024-55591 was published. Those devices may be compromised despite having been patched later.</p><p>Check (German) warning by <span class="h-card" translate="no"><a href="https://ioc.exchange/@CERT_at" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>CERT_at</span></a></span> <br><a href="https://www.cert.at/de/warnungen/2025/3/ransomware-gruppen-nutzen-weiterhin-kritische-fortinet-schwachstellen-warnung-vor-gepatchten-aber-bereits-kompromittierten-geraten" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">cert.at/de/warnungen/2025/3/ra</span><span class="invisible">nsomware-gruppen-nutzen-weiterhin-kritische-fortinet-schwachstellen-warnung-vor-gepatchten-aber-bereits-kompromittierten-geraten</span></a></p><p>Long story with Forescout:<br><a href="https://www.forescout.com/blog/new-ransomware-operator-exploits-fortinet-vulnerability-duo/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">forescout.com/blog/new-ransomw</span><span class="invisible">are-operator-exploits-fortinet-vulnerability-duo/</span></a></p><p><a href="https://infosec.exchange/tags/ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ransomware</span></a> <a href="https://infosec.exchange/tags/fortinet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fortinet</span></a> <a href="https://infosec.exchange/tags/Mora_001" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Mora_001</span></a></p>