Key Findings: Attackers are exploiting vulnerabilities or weak credentials in FortiGate Next-Generation Firewall (NGFW) devices to gain initial access to corporate networks. Once inside, the attackers extract configuration files containing service account credentials and information about the internal network structure. The campaign appears to target sectors such as healthcare, government agencies, and managed service providers. Attackers have abused features like Single Sign
