Sharp rise in brute-force attempts against SonicWall and Fortinet edge devices
Trend
Summary
Hide ▲
Show ▼
A sharp rise in brute-force attempts against SonicWall and Fortinet edge devices is increasing risk of perimeter-device compromise across organizations that rely on VPNs and firewalls. 88% of observed attempts appeared to come from the Middle East, and 56% of confirmed incidents from February to March involved this attack type. Persistent scanning and failed logins matter because a single weak credential or misconfiguration can still lead to compromise.
Related Happenings
FortiBleed Fortinet credential-theft campaign
Campaign
H score89
First: 19.06.2026 13:48
Last: 19.06.2026 13:48
Sources 1
About this happening:
The **FortiBleed** Happening is a global **Fortinet credential-theft** campaign affecting **FortiGate firewall** and **SSL VPN** customers. The **UK’s NCSC** issued guidance after...
FortiBleed Fortinet credential-theft campaign
CampaignAbout this happening: The **FortiBleed** Happening is a global **Fortinet credential-theft** campaign affecting **FortiGate firewall** and **SSL VPN** customers. The **UK’s NCSC** issued guidance after...
Latest development: 22.06.2026 11:30
The UK’s National Cyber Security Centre issued guidance for Fortinet customers impacted by FortiBleed after the campaign exposed around 75,000 credentials from FortiGate firewall and SSL VPN customers. The NCSC urged affected organizations to use Hudson Rock’s or SOCRadar’s FortiBleed checker tools and then review indicators of compromise such as unauthorized account creation and unexpected activity in log files.
Russian-speaking FortiGate and Microsoft SQL Server bruteforce campaign
Campaign
H score82
First: 17.06.2026 18:12
Last: 17.06.2026 18:12
Sources 1
About this happening:
A Russian-speaking multi-operator threat group ran a **FortiGate** and **Microsoft SQL Server** bruteforce campaign that generated **billions of credential attempts**, raising the...
Russian-speaking FortiGate and Microsoft SQL Server bruteforce campaign
CampaignAbout this happening: A Russian-speaking multi-operator threat group ran a **FortiGate** and **Microsoft SQL Server** bruteforce campaign that generated **billions of credential attempts**, raising the...
SonicWall Gen6 SSL-VPN MFA-bypass flaw (CVE-2024-12802)
Vulnerability
H score50
First: 21.05.2026 00:19
Last: 21.05.2026 00:19
Sources 1
About this happening:
Researchers confirmed **first-in-the-wild exploitation** of **CVE-2024-12802** against **SonicWall Gen6 SSL-VPN appliances**, showing that incomplete remediation can leave **MFA b...
SonicWall Gen6 SSL-VPN MFA-bypass flaw (CVE-2024-12802)
VulnerabilityAbout this happening: Researchers confirmed **first-in-the-wild exploitation** of **CVE-2024-12802** against **SonicWall Gen6 SSL-VPN appliances**, showing that incomplete remediation can leave **MFA b...
NCSC-UK joint advisory on covert botnets and proxy networks
Public Sector Action
H score66
First: 23.04.2026 15:28
Last: 23.04.2026 15:28
Sources 1
About this happening:
**NCSC-UK** and partner agencies issued a **joint advisory** warning that **China-nexus hackers** are using **hijacked consumer devices** as covert proxy networks to hide maliciou...
NCSC-UK joint advisory on covert botnets and proxy networks
Public Sector ActionAbout this happening: **NCSC-UK** and partner agencies issued a **joint advisory** warning that **China-nexus hackers** are using **hijacked consumer devices** as covert proxy networks to hide maliciou...
Forest Blizzard DNS hijacking token-theft campaign against older routers
Campaign
H score35
First: 07.04.2026 20:02
Last: 07.04.2026 20:02
Sources 1
About this happening:
Russia-backed **Forest Blizzard** is running a **DNS hijacking campaign** against older routers to steal **Microsoft Office** authentication tokens, putting accounts at risk acros...
Forest Blizzard DNS hijacking token-theft campaign against older routers
CampaignAbout this happening: Russia-backed **Forest Blizzard** is running a **DNS hijacking campaign** against older routers to steal **Microsoft Office** authentication tokens, putting accounts at risk acros...
Timeline
-
15.04.2026 03:00 2 articles · 2mo ago
Barracuda flags brute-force surge against SonicWall and Fortinet devices
Initial DisclosureBarracuda detected a sharp rise in brute-force attempts targeting SonicWall and Fortinet edge devices on 2026-04-15, with 88% of observed attempts appearing to originate from the Middle East and 56% of confirmed incidents from February to March tied to this attack type. Most attempts were blocked by security tools or used invalid usernames, and Barracuda advised stronger unique passwords, MFA on VPNs and firewalls, monitoring repeated failed logins, and restricting management interfaces to trusted IP ranges.
Show sources
- Researchers Spot Surge in Brute-Force Attacks from Middle East — www.infosecurity-magazine.com — 15.04.2026 12:30
- Researchers Spot Surge in Brute-Force Attacks from Middle East — www.infosecurity-magazine.com — 15.04.2026 12:30