Threat actors are actively exploiting security flaws in FortiGate appliances to deliver Qilin ransomware in a series of coordinated attacks targeting critical infrastructure.
Researchers have uncovered a sophisticated cyber campaign that takes advantage of known vulnerabilities, specifically CVE-2024-21762 and CVE-2024-55591, to breach enterprise networks. These flaws in FortiGate’s security systems give attackers an entry point, allowing them to gain unauthorized access and maintain a presence within internal systems.
Once inside, the attackers deploy Qilin ransomware—also known as Agenda—which has evolved into a highly advanced ransomware-as-a-service tool. Known for its strong encryption and stealth capabilities, Qilin uses multi-layered obfuscation and anti-analysis tactics to bypass standard security defenses.
According to analysts at PRODAFT, this campaign signals a shift in cybercriminal strategy. Instead of relying heavily on phishing or social engineering, attackers are now directly targeting network infrastructure to exploit overlooked vulnerabilities.
This approach not only enables attackers to sidestep traditional perimeter defenses but also grants them access to sensitive areas within an organization’s network—areas typically shielded from external threats.
The consequences of these attacks go beyond immediate financial impact. Affected organizations could face operational disruptions, regulatory backlash, and long-term reputational damage. The attackers’ precise targeting of network devices highlights their deep understanding of enterprise security frameworks and the critical weak points within them.
This campaign underlines the urgent need for organizations to patch known vulnerabilities and reinforce their internal security postures to prevent similar breaches.
News Source: CybersecurityNews.com