
Audio By Carbonatix
The Cyber Security Authority (CSA) has issued an urgent technical advisory to organisations across the country, warning of a large-scale cybercrime campaign known as “FortiBleed” that is actively targeting Fortinet FortiGate firewalls and Secure Socket Layer (SSL) Virtual Private Network (VPN) gateways.
The advisory, released on June 19, 2026, cautioned that the campaign poses significant risks to organisations whose digital infrastructure relies on Fortinet security devices, particularly where weak passwords, password reuse and inadequate authentication measures exist.
According to the CSA, the campaign is not exploiting a newly discovered software vulnerability but is instead taking advantage of poor cybersecurity practices, including weak credentials and the absence of multi-factor authentication (MFA).
Automated attacks
The CSA explained that threat actors behind the campaign are conducting automated scans of internet-facing Fortinet devices and testing them against large databases of previously leaked usernames and passwords.
“Valid credentials are catalogued and reused, enabling attackers to access systems at scale across multiple sectors,” the advisory stated.
It warned that once access is gained, cybercriminals could monitor network traffic, capture authentication information and establish persistent access to compromised systems.
The CSA further noted that successful breaches could lead to privilege escalation, lateral movement within networks and the compromise of additional systems, including Active Directory environments that often form the backbone of institutional IT infrastructure.
Organisations at risk
The advisory identified several conditions that increase an organisation’s vulnerability to the FortiBleed campaign.
These include publicly accessible administrative or VPN interfaces, the use of weak or recycled passwords, failure to enforce multi-factor authentication for administrative access, and unrestricted access to administrative systems from untrusted internet sources.
The CSA said organisations operating critical digital infrastructure, including those in government, finance, telecommunications, education, healthcare and other essential sectors, should pay particular attention to the warning.
Warning signs
To help organisations identify potential compromises, the CSA outlined a number of indicators that warrant immediate investigation.
Among them are login attempts from unusual geographic locations or at unusual times, repeated failed login attempts followed by successful access, the appearance of unknown administrator accounts, unexpected configuration changes on firewalls and suspicious network connections to unfamiliar internet addresses.
The CSA stressed that the presence of any of these indicators may suggest attempted or successful compromise and should trigger immediate incident response procedures.
Recommended measures
As part of its mitigation strategy, the CSA urged organisations to immediately rotate all administrative and VPN credentials, enforce multi-factor authentication and ensure the use of strong, unique passwords.
Additional recommendations include restricting access to administrative interfaces to trusted IP addresses or internal networks, disabling unnecessary services and unsecured management interfaces, and continuously monitoring firewall, VPN and authentication logs.
The Authority also advised organisations to implement network segmentation and least-privilege access controls to limit the spread of attacks in the event of a breach.
Furthermore, all Fortinet devices should be updated with the latest firmware and configurations in accordance with vendor recommendations.
To assist organisations in assessing their vulnerability, the CSA directed users to perform an initial exposure check through publicly available cybersecurity assessment tools.
The CSA reiterated its commitment to supporting organisations facing cybersecurity incidents and encouraged affected entities to promptly report suspicious activity.
Growing cyber threat landscape
The latest advisory comes amid increasing concerns about the sophistication and frequency of cyberattacks targeting organisations worldwide.
Cybersecurity experts have repeatedly warned that attackers are increasingly exploiting stolen credentials and poor security hygiene rather than relying solely on software vulnerabilities.
The CSA has, in recent years, intensified public awareness campaigns and regulatory interventions aimed at strengthening the country's cyber resilience, particularly among operators of Critical Information Infrastructure (CII).
The CSA maintains a 24-hour Cybersecurity and Cybercrime Incident Reporting Point of Contact and has urged organisations experiencing any suspicious activity related to the FortiBleed campaign to seek immediate assistance.


Latest Stories
-
NPP alleges arrest of Dennis Miracles Aboagye by EOCO, demands his immediate release
44 minutes -
T-bills auction: Government exceeds target by 77%; but to pay more for one-year bill at maturity
52 minutes -
A competent government leads with systems, not brooms
2 hours -
Mahama directs activation of Zoomlion transfer stations to improve waste collection after floods
2 hours -
Digitisation has strengthened justice delivery across Ghana — Justice Owusu-Dapaa
3 hours -
Quality of justice must not depend on where a person lives — Court of Appeal judge
3 hours -
NPP Bantama constituency elections resume after disruption by unidentified men
3 hours -
Supreme Court should consider live broadcasts to boost public confidence — Justice Ackah-Boafo
3 hours -
Knights and Ladies of Marshall refurbish washroom facility at St Augustine Catholic Church in Ashaiman
3 hours -
Kojo Oppong Nkrumah commends peaceful NPP constituency elections in Ofoase/Ayirebi
3 hours -
Public reluctance to use ADR is increasing pressure on Supreme Court — Judge
3 hours -
Appoint more judges to improve justice delivery — Circuit Court judge
3 hours -
NPP elects new constituency executives in Suame
3 hours -
Liquidity slows down in first 4 months of 2026 – BoG
4 hours -
Remaining external debt restructuring negotiations may create short term payment challenges – BoG
4 hours