Skip to main content

APT exploitation of Fortinet Vulnerabilities

Advanced Persistent Threat (APT) actors targeting historic Fortinet vulnerabilities.

Alert status


The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) advises organisations using Fortinet devices that Advanced Persistent Actors (APT’s) have been observed exploiting the following vulnerabilities:

US Cybersecurity and Infrastructure Security (CISA) and the Federal Bureau of Investigation (FBI) have published a joint advisory on this issue Joint CSA AA21-092A: APT Actors Exploit Vulnerabilities to Gain Initial Access for Future Attacks ( This advisory highlights that APT’s have been observed to leverage these vulnerabilities to specifically enable the theft, encryption and destruction of data on vulnerable networks.


The primary mitigation against these attacks is to patch the vulnerabilities listed above. If patching is not immediately possible, organisations should consider removing internet access from Fortinet devices until other mitigations listed in the CISA joint advisory can be implemented.


The ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations that have been impacted or require assistance can contact the ACSC via 1300 CYBER1.

Content complexity
This rating relates to the complexity of the advice and information provided on the page.
Was this information helpful?
Was this information helpful?

Thanks for your feedback!


Tell us why this information was helpful and we’ll work on making more pages like it