- Threat actors scan for publicly exposed FortiGate firewall management interfaces.
- They exploit a probable zero-day vulnerability (later identified as CVE-2024-55591) to gain unauthorized access.
- Threat actors establish jsconsole sessions, often spoofing IP addresses like loopback addresses or public DNS resolvers.
- They make various configuration changes, create new admin accounts, and enable SSL VPN access.
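
One way to hunt for the jsconsole step above in exported firewall event logs, added here as an example and not taken from the original page: it flags admin logins made through the jsconsole interface whose source address is loopback or a public DNS resolver. The key=value field names (`ui`, `srcip`, `action`, `user`), the resolver list and the sample log lines are assumptions constructed for illustration; match them to your device's actual log output.

```python
import ipaddress
import re

# Assumption: illustrative set of well-known public DNS resolver addresses.
PUBLIC_RESOLVERS = {"1.1.1.1", "1.0.0.1", "8.8.8.8", "8.8.4.4", "9.9.9.9"}

# Matches key=value or key="quoted value" pairs.
KV_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')

# Constructed sample lines (not real device output); field names are assumed.
SAMPLE_LOG = '''\
date=2025-01-01 time=10:00:01 logdesc="Admin login successful" user="admin" ui="jsconsole" srcip=127.0.0.1 dstip=127.0.0.1 action="login" status="success"
date=2025-01-01 time=10:05:12 logdesc="Admin login successful" user="admin" ui="jsconsole" srcip=8.8.8.8 dstip=192.0.2.10 action="login" status="success"
date=2025-01-01 time=11:20:45 logdesc="Admin login successful" user="alice" ui="jsconsole" srcip=198.51.100.23 dstip=192.0.2.10 action="login" status="success"
date=2025-01-01 time=11:30:00 logdesc="Admin login successful" user="alice" ui="https(198.51.100.23)" srcip=198.51.100.23 dstip=192.0.2.10 action="login" status="success"
'''

def parse_kv(line):
    """Parse one key=value log line into a dict, stripping surrounding quotes."""
    return {m.group(1): m.group(3) if m.group(3) is not None else m.group(2)
            for m in KV_RE.finditer(line)}

def suspicious_reason(event):
    """Return why a jsconsole admin login looks implausible, or None."""
    if "jsconsole" not in event.get("ui", "") or event.get("action") != "login":
        return None
    try:
        src = ipaddress.ip_address(event.get("srcip", ""))
    except ValueError:
        return "unparseable srcip"  # missing or malformed source: surface it
    if src.is_loopback:
        return "loopback source"
    if str(src) in PUBLIC_RESOLVERS:
        return "public DNS resolver source"
    return None

def find_suspicious(log_text):
    """Return (user, srcip, reason) for every flagged login in the log text."""
    hits = []
    for line in log_text.splitlines():
        event = parse_kv(line)
        reason = suspicious_reason(event)
        if reason:
            hits.append((event.get("user"), event.get("srcip"), reason))
    return hits

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(hit)
```

Hits are leads for review, to be correlated with the later steps in the list: configuration changes, newly created admin accounts, and SSL VPN being enabled around the same time.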