Cybersecurity firm Arctic Wolf has issued a warning regarding a surge in automated malicious activity targeting Fortinet’s FortiGate devices. This activity, which began on January 15, 2026, involves unauthorized changes to firewall configurations and is reminiscent of a prior attack in December 2025. These attacks exploited vulnerabilities CVE-2025-59718 and CVE-2025-59719, allowing attackers unauthorized access through manipulated SAML messages when the FortiCloud single sign-on (SSO) feature is utilized.
Arctic Wolf detailed the nature of the recent attacks, which included the creation of generic accounts for persistent access, configuration alterations to enable VPN access, and the extraction of firewall configurations. Notably, attackers have been using a malicious SSO account "[email protected]" from multiple IP addresses to execute their plans. Firewalls at risk are configured to export their settings to these addresses. The identified IPs include:
- 104.28.244.115
- 104.28.212.114
- 217.119.139.50
- 37.1.209.19
In addition, the attackers set up secondary accounts with names like "secadmin," "itadmin," and others to maintain their unauthorized presence. The synchronized timing of these events strongly suggests that these actions are automated.
This alarming situation has been echoed on Reddit, where users have reported seeing malicious SSO logins on FortiOS devices, even those that have been fully patched. One user indicated that Fortinet developers acknowledged that the vulnerability is still present in version 7.4.10.
In response to these developments, it is advisable for users to disable the "admin-forticloud-sso-login" setting to mitigate potential risks.
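A triage pass over exported firewall event logs for the indicators listed above, as an added example that is not code from Arctic Wolf or Fortinet. The key=value field names (`srcip`, `method`, `cfgpath`, `cfgobj`), the 60-second window and the sample lines are assumptions constructed for illustration; the SSO account name is obscured on this page, so it is not matched.

```python
import re
from datetime import datetime

# Indicators listed in the article above.
IOC_IPS = {"104.28.244.115", "104.28.212.114", "217.119.139.50", "37.1.209.19"}
IOC_ADMIN_NAMES = {"secadmin", "itadmin"}

# Assumed layout: space-separated key=value or key="quoted value" pairs.
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_line(line):
    """Split one log line into a dict and attach a parsed timestamp (or None)."""
    f = {k: q or v for k, q, v in KV.findall(line)}
    try:
        f["ts"] = datetime.strptime(f"{f['date']} {f['time']}", "%Y-%m-%d %H:%M:%S")
    except (KeyError, ValueError):
        f["ts"] = None
    return f

def scan(lines, window_s=60):
    """Return (line_number, finding) pairs for review, in log order."""
    findings, last_sso = [], {}  # last_sso: user -> time of last SSO admin login
    for n, line in enumerate(lines, 1):
        f = parse_line(line)
        if f.get("srcip") in IOC_IPS:
            findings.append((n, "ioc_ip"))
        if (f.get("action"), f.get("method"), f.get("status")) == ("login", "sso", "success"):
            last_sso[f.get("user")] = f["ts"]
            findings.append((n, "sso_admin_login"))
        if f.get("cfgpath") == "system.admin" and f.get("action") == "Add":
            if f.get("cfgobj", "").lower() in IOC_ADMIN_NAMES:
                findings.append((n, "ioc_admin_name"))
            t = last_sso.get(f.get("user"))
            # Account creation seconds after an SSO login fits the automated pattern.
            if t and f["ts"] and 0 <= (f["ts"] - t).total_seconds() <= window_s:
                findings.append((n, "admin_added_after_sso_login"))
    return findings

# Constructed sample lines (not real logs); 192.0.2.0/24 is documentation address space.
SAMPLE = [
    'date=2026-01-15 time=03:10:01 user="admin" method="https" srcip=192.0.2.10 action="login" status="success"',
    'date=2026-01-15 time=03:12:44 user="sso-user@example.invalid" method="sso" srcip=104.28.244.115 action="login" status="success"',
    'date=2026-01-15 time=03:12:51 user="sso-user@example.invalid" cfgpath="system.admin" cfgobj="secadmin" action="Add"',
    'date=2026-01-15 time=03:13:05 user="admin" cfgpath="firewall.policy" cfgobj="12" action="Edit"',
]

if __name__ == "__main__":
    for n, finding in scan(SAMPLE):
        print(f"line {n}: {finding}")
```

Because the article reports SSO logins on patched devices, any `sso_admin_login` finding is worth reviewing even when the source address is not one of the listed IPs.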