CyberHappenings logo
Home Browse Watchlists Experimental About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Surge in brute-force attacks targeting SonicWall and Fortinet devices originating from Middle East infrastructure

First reported
Last updated
1 unique sources, 1 articles

Summary

Hide ▲

A significant increase in brute-force attacks aimed at SonicWall and Fortinet internet-facing VPN and firewall appliances has been observed, with 88% of detected attempts originating from infrastructure in the Middle East. The majority of these attacks were unsuccessful due to blocking by security tools or targeting invalid usernames, though persistent probing heightens the risk of eventual compromise through weak credentials or misconfigurations. Timing suggests possible correlation with regional geopolitical tensions, including US and Israeli actions against Iran.

Timeline

  1. 15.04.2026 12:30 1 articles · 9h ago

    Brute-force attacks surge against VPN/firewall appliances from Middle East infrastructure

    Security researchers reported a significant increase in brute-force attacks targeting SonicWall and Fortinet internet-facing VPN and firewall appliances, with 88% traced to Middle East-based infrastructure. Over 56% of confirmed incidents from February to March involved such attacks, primarily blocked due to invalid usernames or security tool intervention. Persistent probing raises the risk of eventual compromise through weak credentials or configuration errors.

    Show sources
    Open in new tab

Information Snippets

  • 88% of detected brute-force attacks against SonicWall and Fortinet devices were traced to Middle East-based infrastructure.

    First reported: 15.04.2026 12:30
    1 source, 1 article
    Show sources

  • Over half (56%) of all confirmed brute-force incidents from February to March involved attacks on perimeter devices like VPNs and firewalls.

    First reported: 15.04.2026 12:30
    1 source, 1 article
    Show sources

  • Most attacks were blocked or failed due to targeting invalid usernames, but persistent probing increases the risk of future compromise via weak credentials or misconfigurations.

    First reported: 15.04.2026 12:30
    1 source, 1 article
    Show sources

  • The campaign aligns with recent reports of Iranian-affiliated hackers targeting US critical infrastructure and medtech firms.

    First reported: 15.04.2026 12:30
    1 source, 1 article
    Show sources

  • A separate surge in "ClickFix" social engineering attacks was observed, where users are tricked into executing malicious scripts to ostensibly resolve fictitious technical issues.

    First reported: 15.04.2026 12:30
    1 source, 1 article
    Show sources