Fortinet Warns of Post-Exploitation Technique Maintaining Access to Patched FortiGate VPNs

Fortinet has issued a warning that malicious actors are using a post-exploitation technique to retain read-only access to previously compromised FortiGate VPN devices, even after the initial attack vector has been patched. This technique involves the use of symlinks (symbolic links) to maintain access. The affected devices are those that were compromised before the patches were applied, allowing attackers to continue accessing sensitive information.