Summary (Bottom Line Up Front)
A Hong Kong-based threat actor (199.45.155.98) conducted focused reconnaissance against FortiGate infrastructure on 2026-03-17 around 07:00, generating 78 attack events within a one-hour window. This represents an active exploitation phase with medium threat level targeting network security appliances. Organizations running FortiGate devices should immediately review access logs and implement enhanced monitoring.
Activity Timeline
INITIAL REPORT 2026-03-17T23:30:03Z
Source: Analyst Manual Entry
Technical details
The attacker employed HTTPS/TLS 1.0 protocols to conduct systematic reconnaissance against FortiGate login interfaces and probe unknown paths across 2 unique destination ports. Attack patterns included login page enumeration and path discovery techniques, consistent with MITRE T1590 (Gather Victim Network Information) and T1595 (Active Scanning). The source IP maintains a maximum AbuseIPDB reputation score of 100/100, indicating established malicious activity. Key IOC: 199.45.155.98 (Hong Kong, no reverse DNS resolution).
IOCs
IP:199.45.155.98
COUNTRY:HK
Recommendations
- Block source IP 199.45.155.98 at perimeter firewalls and update threat intelligence feeds
- Review FortiGate access logs for the timeframe 2026-03-17 07:00-08:00 for successful authentication attempts
- Implement rate limiting on FortiGate management interfaces to prevent brute force attacks
- Enable multi-factor authentication on all FortiGate administrative accounts if not already configured
- Monitor for similar reconnaissance patterns targeting other network security appliances in your environment
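One way to carry out the log review recommended above, as an added example that is not part of the original report: it scans exported event-log lines for admin logins inside the 07:00-08:00 window and flags any success tied to 199.45.155.98. The sample lines are constructed, and the field names (`action`, `status`, `srcip`, `ui`) and the assumption that the window is in the log's own clock are assumptions about a FortiOS-style key=value export.

```python
import re
from datetime import datetime

IOC_IP = "199.45.155.98"  # source IP from this report
# Review window from the report; assumed to match the log's own clock.
WINDOW = (datetime(2026, 3, 17, 7, 0), datetime(2026, 3, 17, 8, 0))

# Constructed sample lines (not real logs), FortiOS-style key=value events.
SAMPLE_LOG = """\
date=2026-03-17 time=07:04:11 type="event" subtype="system" user="admin" ui="https(199.45.155.98)" srcip=199.45.155.98 action="login" status="failed" msg="constructed sample"
date=2026-03-17 time=07:31:52 type="event" subtype="system" user="admin" ui="https(199.45.155.98)" srcip=199.45.155.98 action="login" status="success" msg="constructed sample"
date=2026-03-17 time=07:40:05 type="event" subtype="system" user="ops" ui="https(192.0.2.10)" srcip=192.0.2.10 action="login" status="success" msg="constructed sample"
date=2026-03-17 time=09:15:00 type="event" subtype="system" user="admin" ui="https(199.45.155.98)" srcip=199.45.155.98 action="login" status="success" msg="constructed sample"
"""

KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
UI_IP = re.compile(r"\(([^)]+)\)")  # ui="https(1.2.3.4)" -> 1.2.3.4


def parse_line(line):
    """Split one key=value line into a dict, handling quoted values."""
    return {key: quoted or bare for key, quoted, bare in KV.findall(line)}


def review(log_text, ioc_ip=IOC_IP, window=WINDOW):
    """Return (attempts from the IOC, all successful logins) inside the window."""
    ioc_attempts, successes = [], []
    for line in log_text.splitlines():
        f = parse_line(line)
        if f.get("action") != "login":
            continue
        try:
            ts = datetime.strptime(f"{f.get('date')} {f.get('time')}", "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue  # missing or malformed timestamp
        if not window[0] <= ts <= window[1]:
            continue
        ui = UI_IP.search(f.get("ui", ""))
        from_ioc = ioc_ip in (f.get("srcip"), ui.group(1) if ui else None)
        if from_ioc:
            ioc_attempts.append((ts, f.get("user"), f.get("status")))
        if f.get("status") == "success":
            successes.append((ts, f.get("user"), f.get("srcip"), from_ioc))
    return ioc_attempts, successes


if __name__ == "__main__":
    for ts, user, src, from_ioc in review(SAMPLE_LOG)[1]:
        print(f"{ts} user={user} srcip={src} -> {'INVESTIGATE' if from_ioc else 'verify'}")
```

Successful logins from other sources in the same window are returned as well, since they still need to be matched against known administrators.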