April 12, 2025 at 03:21PM

■■■■□ Fortinet: Hackers retain access to patched FortiGate VPNs using symlinks

When the threat actors previously breached servers using older vulnerabilities, they created symbolic links in the language files folder to the root file system on devices with SSL-VPN enabled.

This allows them to maintain read-only access to the root filesystem through the publicly accessible SSL-VPN web panel even after they’re discovered and evicted.

https://www.bleepingcomputer.com/news/security/fortinet-hackers-retain-access-to-patched-fortigate-vpns-using-symlinks/
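
A defender-side check for the technique described above, as an added example that is not from Fortinet or the linked article: it walks a web-served folder and reports every symlink whose resolved target falls outside that folder. The folder layout and names (`lang`, `xx`, `default`) are constructed in a temporary directory, and a POSIX filesystem is assumed.

```python
import os
import tempfile


def find_escaping_symlinks(served_root):
    """Return (link_path, resolved_target) for every symlink under served_root
    whose fully resolved target lies outside served_root."""
    root = os.path.realpath(served_root)
    findings = []
    # followlinks=False: never descend through a link while auditing.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            target = os.path.realpath(path)  # resolves chained links too
            # commonpath avoids the "/srv/lang" vs "/srv/lang-old" prefix trap.
            if os.path.commonpath([root, target]) != root:
                findings.append((os.path.relpath(path, root), target))
    return sorted(findings)


def build_sample_tree(base):
    """Constructed sample: a served folder holding one regular file, one
    link that stays inside the folder, and one link to the filesystem root."""
    served = os.path.join(base, "lang")
    os.makedirs(os.path.join(served, "en"))
    with open(os.path.join(served, "en", "strings.json"), "w") as fh:
        fh.write("{}")
    os.symlink(os.path.join(served, "en"), os.path.join(served, "default"))
    os.symlink(os.sep, os.path.join(served, "xx"))
    return served


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for link, target in find_escaping_symlinks(build_sample_tree(tmp)):
            print(f"symlink escapes served folder: {link} -> {target}")
```

Because the check runs against the filesystem itself, it still flags the link after the original vulnerability has been patched, which is the situation the article describes.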