Tell me if this sounds familiar: Chinese adversaries exploiting VPN flaw from major security vendor. It should, we have been covering similar attacks against a different security vendor, Ivanti, and their VPN, Secure Connect.
Fortinet announced a severe vulnerability CVE-2024-21762 with CVSS 9.6 is being actively exploited by Chinese actors tracked by "Volt Typhoon" in order to bypass authentication and gain access to systems behind the firewall through the Fortinet firewall. If you are running FortiOS 7.4 or earlier you need to update these now. If you are unable to patch, then you need to disable the SSH VPN because it is being actively exploited.
To learn more, see: