External threat actor at IP 2.57.122.234 conducted a 42-day reconnaissance and credential harvesting campaign from March 1-April 12, 2026, generating 112 attack events primarily targeting Fortinet devices and authentication systems. Assessment indicates MEDIUM threat level with sophisticated APT-lik…
IP address 216.180.246.151 conducted reconnaissance scanning targeting administrative login interfaces on March 21, 2026 between 09:00-10:00 UTC, generating 63 security events over a 4-minute window. This activity represents MEDIUM-risk pre-attack reconnaissance consistent with credential harvesting…
A US-based actor conducted focused vulnerability scanning and FortiGate SSL VPN exploitation attempts against internet-facing infrastructure over a 2-hour window on 2026-02-28. The activity generated 125 events targeting a single destination port, indicating automated tooling focused on specific att…