Fortinet has alerted customers that threat actors are exploiting a technique to maintain read-only access to compromised FortiGate VPN devices, even after vulnerabilities have been patched. The attackers create symbolic links in the device's file system, allowing them to access sensitive information despite updates meant to address the initial breaches. A wave of these attacks has been reported since early 2023, prompting Fortinet and CERT-FR to advise affected users to take immediate action to secure their devices.