Fortinet Firewalls Exploited by Hackers, Patches Available for Critical Vulnerability

Riley King

January 14, 2025 · 3 min read

Security researchers have discovered that malicious hackers have been exploiting a newly identified vulnerability in Fortinet firewalls to break into corporate and enterprise networks. In an advisory published on Tuesday, Fortinet confirmed that the critical-rated vulnerability, tracked as CVE-2024-55591, is "being exploited in the wild."

The vulnerability affects Fortinet's FortiGate firewalls, which are designed to protect corporate networks from intruders. Fortinet has made patches available to address the issue, but security researchers warn that hackers have been mass-exploiting the vulnerability as a zero-day – meaning before Fortinet was aware of the vulnerability and made fixes available – since December.

This is the latest example of hackers exploiting a vulnerability in a popular enterprise security product designed to protect corporate networks. The news comes just days after it was revealed that attackers are exploiting a separate zero-day flaw in Ivanti VPN servers, allowing access to customers' networks.

Cybersecurity company Arctic Wolf reported observing a recent "mass exploitation" campaign affecting Fortinet FortiGate firewall devices with management interfaces exposed to the public internet. Stefan Hostetler, lead threat intelligence researcher at Arctic Wolf, confirmed to TechCrunch that this observed exploitation is linked to the newly confirmed CVE-2024-55591 vulnerability in Fortinet firewalls.

Hostetler noted that Arctic Wolf had "observed a cluster of intrusions affecting Fortinet devices in the tens," but emphasized that this only represents a "limited sample compared to the total actual number of devices that were likely affected." He added that "the evidence points to an effort to exploit a large number of devices within a narrow timeframe."

When reached by TechCrunch, Fortinet spokesperson Tiffany Curci declined to say how many Fortinet customers were compromised as a result of this hacking campaign, but said that the company was "proactively communicating with customers." It's also unclear who is behind the attacks on Fortinet firewalls, but cybersecurity researcher Kevin Beaumont writes on Mastodon that the vulnerability is "under exploitation by a ransomware operator."

Hostetler said that ransomware attacks exploiting the bug are "not off the table," noting that in previous research, Arctic Wolf "observed affiliates of ransomware groups such as Akira and Fog using some of the same network providers to establish VPN connectivity."

In a brief statement on Tuesday, U.S. cybersecurity agency CISA urged Fortinet customers to update any affected devices. This incident serves as a reminder of the importance of timely patching and vulnerability management in preventing cyber attacks.

This is not the first security incident for Fortinet. In September, the company disclosed a breach involving customer data after an attacker accessed "a limited number of files" stored on a third-party shared cloud drive belonging to the organization.

The exploitation of Fortinet firewalls highlights the ongoing cat-and-mouse game between cybersecurity professionals and malicious hackers. As the threat landscape continues to evolve, it's essential for organizations to remain vigilant and proactive in protecting their networks and data.
