Security Alert | Fortinet Firewall & VPN Credential Compromise

Published on Monday, 22 June 2026 at 10:59:01 AM

Australia's Cyber Security Centre (ASD's ACSC) has issued an urgent advisory regarding a widespread malicious campaign targeting Fortinet devices through exposed and stolen credentials. If the attack succeeds, attackers can gain remote access to affected devices and connected networks, and may alter security controls without detection.

Are you at risk?

If your organisation uses Fortinet Firewall or VPN services, you should treat this as requiring immediate attention.

Integrated ICT Client Update

We can confirm that all Integrated ICT managed clients utilising Fortinet devices have been reviewed and their environments are secure. Our team acted promptly upon becoming aware of this advisory and has completed the necessary checks across all affected client infrastructure. If you have any questions about your environment, please don't hesitate to get in touch.

What you should do right now

If you manage your own Fortinet infrastructure or use a different provider, we strongly recommend taking the following steps immediately:

  • Rotate all credentials — change admin and VPN passwords immediately
  • Patch your devices — ensure firmware is up to date to close known vulnerabilities
  • Restrict management interfaces — firewall admin panels should not be accessible from the internet unless strictly necessary
  • Enable Multi-Factor Authentication (MFA) — on all external-facing interfaces
  • Check your password hashing — ensure credentials are stored using PBKDF2; log back into all admin accounts after updating to force re-encryption
  • Review your logs — look for unusual login activity, unexpected configuration changes, or anomalous access patterns
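
The log review in the last step can be partly scripted. The following is an added example, not code from the ACSC, Fortinet or Integrated ICT: the log lines are constructed, and the field names (srcip, action, status, cfgpath) and the management range are assumptions to adjust to your own device's log export.

```python
import ipaddress
import re

# Assumption: networks that administrators are expected to connect from.
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24")]

# Constructed sample events (key=value style); field names are assumptions.
SAMPLE_LOG = """\
date=2026-06-20 time=02:14:09 type="event" user="admin" srcip=10.20.0.15 action="login" status="success"
date=2026-06-20 time=03:41:55 type="event" user="admin" srcip=203.0.113.77 action="login" status="failed"
date=2026-06-20 time=03:42:10 type="event" user="admin" srcip=203.0.113.77 action="login" status="success"
date=2026-06-20 time=03:44:31 type="event" user="admin" srcip=203.0.113.77 action="Edit" cfgpath="firewall.policy"
date=2026-06-20 time=09:05:00 type="event" user="netops" srcip=10.20.0.22 action="Edit" cfgpath="system.dns"
"""

KV = re.compile(r'(\w+)=("([^"]*)"|\S+)')

def parse_line(line):
    # Turn one key=value line into a dict, stripping quotes from quoted values.
    return {k: (q if raw.startswith('"') else raw) for k, raw, q in KV.findall(line)}

def is_managed(ip):
    # Unparseable addresses count as unmanaged so they are flagged, not hidden.
    try:
        return any(ipaddress.ip_address(ip) in net for net in MGMT_NETS)
    except ValueError:
        return False

def review(log_text):
    # Returns (timestamp, finding, user, srcip) tuples in log order.
    findings, failures = [], {}
    for line in log_text.splitlines():
        ev = parse_line(line)
        if "srcip" not in ev or "action" not in ev:
            continue
        outside = not is_managed(ev["srcip"])
        when = f'{ev.get("date")} {ev.get("time")}'
        key = (ev.get("user"), ev["srcip"])
        if ev["action"] == "login" and ev.get("status") == "failed":
            failures[key] = failures.get(key, 0) + 1
        elif ev["action"] == "login" and ev.get("status") == "success":
            if outside:
                findings.append((when, "external-admin-login", *key))
            if failures.pop(key, 0):  # earlier failed attempts, then success
                findings.append((when, "success-after-failures", *key))
        elif ev["action"] in ("Add", "Edit", "Delete") and outside:
            findings.append((when, "external-config-change", *key))
    return findings
```

Calling review(SAMPLE_LOG) flags the three events from 203.0.113.77 and leaves the two from the management range alone.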

Need help?

If you manage your own Fortinet environment and would like a second opinion, or if you have any concerns about your cybersecurity posture, contact our team today.

Call 08 6374 8200

Email hello@integratedict.com.au or complete an online form.

For the full ASD's ACSC advisory, visit cyber.gov.au.

To read Fortinet's blog post, see "Analysis of Reported Credential Compromise of FortiGate Devices" on the Fortinet Blog.
