ISLAMABAD
Pakistan’s National Computer Emergency Response Team (National CERT) has issued an urgent cybersecurity advisory, warning government institutions, banks, telecom operators, energy companies and other critical infrastructure organizations to immediately secure their Fortinet firewall and VPN systems following a global cyber intrusion campaign that compromised nearly 74,000 internet-facing devices across 194 countries.
National CERT said security researchers had identified evidence of a large-scale compromise affecting around 73,932 Fortinet FortiGate firewall instances, exposing administrative credentials and enabling unauthorized access to enterprise and critical infrastructure networks worldwide.
The advisory warned that organizations operating internet-exposed Fortinet FortiGate firewalls and SSL VPN gateways in Pakistan face an elevated cyber risk, with attackers believed to be conducting credential harvesting, brute-force attacks, VPN credential cracking and lateral movement inside compromised networks.
According to National CERT, threat actors exploited publicly accessible FortiGate management interfaces and legacy credential storage mechanisms to gain administrative access and establish persistent footholds within targeted systems.
The cyber watchdog cautioned that organizations failing to investigate and remediate affected systems risk unauthorized administrative access, VPN compromise, theft of sensitive credentials, Active Directory breaches, persistent backdoors, data theft and manipulation of firewall security policies.
It warned that successful attacks could expose sensitive government and corporate information, disrupt essential services and create supply-chain risks through unauthorized access to connected third-party systems.
National CERT identified government agencies, telecom companies, financial institutions, IT firms, healthcare providers, educational institutions, manufacturing facilities, industrial operators and logistics companies among the sectors facing the highest risk.
The advisory instructed organizations to immediately remove FortiGate management interfaces from the public internet, upgrade to the latest supported FortiOS versions, reset administrator credentials, enforce multi-factor authentication (MFA), restrict management access to trusted networks and intensify monitoring for suspicious activity.
National CERT urged organizations to treat the incident as a potential network compromise rather than a routine software vulnerability and to immediately report any suspected firewall breaches, unauthorized administrative access or VPN abuse through its incident reporting channels.




