The Australian Cyber Security Centre (ACSC) has issued an alert about public reporting of a “widespread malicious campaign” targeting Fortinet firewalls and VPN gateways, warning that exposed credentials and credential-based attacks could enable unauthorised access to devices and connected networks.
In the alert, dated 18 June 2026, the ACSC said it was aware of reporting that attackers were using exposed credentials to gain remote access, potentially allowing changes to device settings, including security controls, and leading to further credential exposure.
The agency said the alert was relevant to Australians and Australian organisations that use Fortinet devices and was intended for a technical audience.
As mitigations, the ACSC advised organisations using Fortinet firewall or VPN services to rotate all admin and VPN credentials immediately, ensure devices are patched, and restrict exposure of management interfaces to the internet unless necessary.
The ACSC also recommended enforcing multi-factor authentication for all external interfaces, ensuring credentials are stored with PBKDF2 hashing, and examining logs for suspicious authentication activity, abnormal logins, or changes.
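An added example, not part of the ACSC alert or any Fortinet tooling: a triage pass over device event logs for the "suspicious authentication activity, abnormal logins, or changes" the alert says to look for. The key=value field names (`srcip`, `action`, `status`, `cfgpath`), the management network and the failure threshold are assumptions, and the log lines are constructed; map them to your own device's log export.

```python
import ipaddress
import re
from collections import defaultdict

# Assumptions: the network admins are expected to log in from, and a failure threshold.
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24")]
FAIL_THRESHOLD = 3

# Constructed sample events (documentation-range addresses); field names are assumed.
SAMPLE_LOG = """\
date=2026-06-17 time=02:11:03 user="admin" srcip=203.0.113.7 action="login" status="failed"
date=2026-06-17 time=02:11:05 user="admin" srcip=203.0.113.7 action="login" status="failed"
date=2026-06-17 time=02:11:08 user="admin" srcip=203.0.113.7 action="login" status="failed"
date=2026-06-17 time=02:11:12 user="admin" srcip=203.0.113.7 action="login" status="success"
date=2026-06-17 time=02:13:40 user="admin" action="Edit" cfgpath="system.admin"
date=2026-06-17 time=09:02:15 user="netops" srcip=10.20.0.15 action="login" status="success"
date=2026-06-17 time=09:05:02 user="netops" action="Edit" cfgpath="firewall.policy"
"""

KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse(line):
    """Split one key=value log line into a dict, dropping surrounding quotes."""
    return {key: quoted or bare for key, quoted, bare in KV.findall(line)}

def in_mgmt(ip):
    return any(ipaddress.ip_address(ip) in net for net in MGMT_NETS)

def triage(text):
    """Return (timestamp, rule, user, detail) tuples for an analyst to review."""
    findings, fails, suspect = [], defaultdict(int), set()
    for ev in map(parse, text.splitlines()):
        ts, user, src = f"{ev.get('date')} {ev.get('time')}", ev.get("user"), ev.get("srcip")
        if ev.get("action") == "login" and src:
            if ev.get("status") == "failed":
                fails[src] += 1
            elif ev.get("status") == "success":
                # A success right after repeated failures from the same source.
                if fails.pop(src, 0) >= FAIL_THRESHOLD:
                    findings.append((ts, "success_after_failures", user, src))
                    suspect.add(user)
                # An admin login from outside the expected management network.
                if not in_mgmt(src):
                    findings.append((ts, "login_outside_mgmt_net", user, src))
                    suspect.add(user)
        elif "cfgpath" in ev and user in suspect:
            # A configuration change by an account already flagged above.
            findings.append((ts, "config_change_after_suspect_login", user, ev["cfgpath"]))
    return findings

if __name__ == "__main__":
    print(*triage(SAMPLE_LOG), sep="\n")
```

Any account that appears in the output is a candidate for the immediate credential rotation the alert calls for, and the flagged configuration paths show which settings to verify.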
Organisations that have been impacted, suspect they have been impacted, or require advice can contact the Australian Cyber Security Hotline on 1300 CYBER1 (1300 292 371). The full alert is available at https://www.cyber.gov.au/about-us/view-all-content/Reported-widespread-credential-exposure-affecting-Fortinet-Firewalls-and-VPN-Gateways.

