Particle.news

Fortinet VPN Brute-Force Waves Pivot to FortiManager, Heightening Zero-Day Concerns

GreyNoise warns that, based on historical patterns, August’s brute-force spikes likely foreshadow new Fortinet vulnerabilities.

Overview

  • A coordinated August 3 surge used over 780 unique IPs to mount brute-force attacks on Fortinet SSL VPN endpoints.
  • On August 5, the attackers or their tooling shifted focus from SSL VPNs to the FortiManager management interface, altering their TCP signature.
  • JA4+ fingerprinting links the August campaign to June activity from a residential FortiGate device, suggesting reuse of tooling or proxy concealment.
  • GreyNoise research shows roughly 80% of similar brute-force spikes against enterprise edge systems precede public vulnerability disclosures within six weeks.
  • Security advisories have published block lists of malicious IPs and recommend blocking those addresses, enforcing stricter login protections, and restricting management access to trusted networks.