Kaspersky reported how recent attacks against a series of European industrial networks were accomplished through a vulnerability in Fortinet’s FortiGate VPN. (Alexxsun/CC BY-SA 4.0)

In the early months of 2021, cybercriminals, believed to be manually delivering Cring ransomware, struck a series of European industrial networks. Kaspersky is the first to report how those attacks were accomplished: a vulnerability in Fortinet’s FortiGate VPN.

According to Kaspersky, one client’s infection was severe enough to cause a “temporary shutdown of the industrial process due to servers used to control the industrial process becoming encrypted.”

The ransomware operators used a FortiOS vulnerability originally patched in 2019, CVE-2018-13379, which allows an attacker to access the username and password in cleartext.

The operators scanned systems for vulnerable installations a few days prior to breaching the system, though it is unclear if that was how they initially discovered targets. Kaspersky notes a hacker forum post in 2020 offering to purchase a database of vulnerable Fortinet VPN clients.