Hackers Target Fortinet FortiGate Devices in Automated Attacks to Steal Firewall Configurations

Attackers are targeting Fortinet FortiGate devices in automated attacks that create unauthorized accounts and steal firewall configuration data, according to cybersecurity firm Arctic Wolf. The attackers exploit vulnerabilities to gain administrator access, create persistent accounts, and exfiltrate complete firewall configurations. These configurations contain sensitive information about network architecture, security rules, and potentially credentials. Arctic Wolf has observed these attacks across multiple clients, indicating a coordinated campaign specifically targeting FortiGate infrastructures.