Pakistan’s National CERT Warns Organizations Over Fortinet Firewall Cyber Intrusion Campaign

Published
Written by:
Rachita Jain
Rachita Jain
VPN Staff Editor
Key Takeaways
  • Fortinet cybersecurity warning: Pakistan National CERT warns of global compromise affecting 73,932 FortiGate devices across 194 countries.
  • Critical sectors targeted: Government, banking, telecom, energy, healthcare, and other organizations face elevated cyber intrusion risks.
  • Immediate mitigation urged: National CERT recommends updates, MFA, credential resets, threat hunting, and restricted management access.

Pakistan’s National Computer Emergency Response Team (National CERT) has issued a cybersecurity advisory urging government bodies, businesses, and operators of critical infrastructure to secure Fortinet FortiGate firewall and VPN systems following a global intrusion campaign affecting tens of thousands of internet-facing devices.

The advisory, issued on July 14, 2026, said researchers had identified evidence of compromise involving approximately 73,932 Fortinet FortiGate instances across 194 countries. According to National CERT, affected systems exposed administrative credentials and could provide attackers with unauthorized access to enterprise and critical infrastructure networks.

The warning applies to organizations in sectors including government, banking, telecommunications, energy, healthcare, education, manufacturing, logistics, information technology, and industrial operations, particularly those using internet-accessible FortiGate firewalls and SSL VPN gateways.

What National CERT identified

National CERT said the campaign involves large-scale attempts to compromise Fortinet systems through activities including credential harvesting, brute-force attacks, VPN credential cracking, and further movement inside compromised networks.

The advisory stated that attackers had taken advantage of publicly accessible FortiGate management interfaces and older credential storage mechanisms to gain administrative access and maintain access within victim environments.

The cybersecurity agency warned that successful compromises could allow attackers to access VPN gateways, steal credentials, alter firewall security policies, install persistent backdoors, breach Active Directory environments, and extract sensitive information.

National CERT also noted that compromised systems could create risks beyond individual organizations by enabling unauthorized access to connected third-party systems and potentially affecting supply chains.

Confirmation and next steps

The warning was confirmed through National CERT’s official cybersecurity advisory, which highlighted findings from security researchers regarding the scale of the global Fortinet compromise campaign.

National CERT has asked organizations to report suspected firewall compromises, unauthorized administrative access, VPN misuse, or related malicious activity through its incident reporting channels.

The advisory places exposure reduction, credential updates, multi-factor authentication, and threat-hunting activities among the highest-priority measures, while configuration reviews, Active Directory assessments, incident reporting, and ongoing monitoring were identified as additional key actions.


For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: