
RUSSIAN HACKERS BREACH TENS OF THOUSANDS OF FORTINET FIREWALLS

SECURITY DESK | 2 MIN READ
WED, JUN 17, 2026

■ AI-SUMMARIZED FROM 1 SOURCE

A Russian-speaking cybercriminal group is actively compromising Fortinet firewalls and VPNs used by major companies worldwide, exploiting previously known passwords to gain access to corporate networks.

Security researchers have identified a coordinated campaign targeting Fortinet FortiGate firewalls and VPN systems across multiple industries and geographic regions. The attackers are leveraging credentials that were previously disclosed or obtained through prior breaches, rather than exploiting zero-day vulnerabilities. The compromise affects tens of thousands of devices belonging to enterprises, government agencies, and critical infrastructure operators.

Fortinet firewalls are widely deployed as primary security perimeters for organizations of all sizes, making them high-value targets for attackers seeking network access. The Russian-speaking threat actors reportedly gained initial access through reused or weak credentials. Once inside, they can move laterally within compromised networks, potentially accessing sensitive data and systems. Security experts warn that organizations using Fortinet equipment may already be affected without detection.

Fortinet has not yet issued an official public statement regarding the scope of the breach. However, the company has previously advised customers to change default passwords and implement multi-factor authentication on all network appliances.

Recommended Actions:

Organizations should immediately audit their Fortinet firewall credentials and reset any default or weak passwords. Companies should review firewall logs for suspicious login attempts and unauthorized access. Enabling multi-factor authentication on all remote access points is critical. Additionally, implementing network segmentation and monitoring for unusual lateral movement can help detect compromised systems.

Security teams should treat this as a potential active threat until their specific deployments can be verified as secure. Given the scale of the campaign and the widespread use of Fortinet equipment, many organizations are likely already targeted.

■ SOURCES

TechCrunch

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE
