Fortinet SSL VPN Targeted in Brute Force Attack Using Residential Ips

VPNs, or Virtual Private Networks, are very popular tools for online security. Used for both personal and enterprise purposes, VPNs conceal the actual IP address of their users, thereby reducing the risk of online attacks. Its ability to hide the user’s actual IP address also helps in preventing various forms of tracking.

This is the reason why VPN and other cybersecurity companies are constantly under attack. Hackers look for vulnerabilities in these VPNs, as any access could mean a wealth of information they can use for nefarious purposes. It’s a challenge VPN companies face constantly, while individuals and companies that use these VPNs should also be aware of the possible risks.

Fortinet SSL VPNs Attacked

Fortinet, a cybersecurity company based in California, was recently the target of a highly coordinated attack, according to Cyber Press. The attack targets the company’s SSL VPN, utilizing Brute Force tactics in an attempt to access the system.

Attacks on the SSL VPN infrastructure are expected. Security companies such as Fortinet experience this daily. However, this attack is notable because a large number of IP addresses were employed in an attempt to achieve its objective on August 3 and 5, 2025. In total, more than 780 IP addresses were logged during the attack. These IP addresses originate from four countries: The Netherlands, Russia, Canada, and the US.

Probing with Residential IP Addresses

According to The Hacker News, the attack initially targeted Fortinet’s Operating System, FortiOS. The Operating System is designed to control the different hardware and services offered by the security company. After waves of attacks targeting different countries worldwide through brute force, the attack shifted to FortiManager.

The shift signifies intent to take advantage of any vulnerabilities in the system. FortiManager’s role in securing the network is equally important because of its administrative function in configuring the security of network devices.

The IP addresses associated with these attacks are connected to residential IP addresses. As it conceals itself as a trusted connection, it attempts to penetrate the security protocols of Fortinet security devices, hoping to find vulnerabilities. The use of residential IP addresses also raises the possibility of hackers taking over select residential IP addresses across four countries for various purposes.

Fortinet’s History of Attacks

Fortinet has experienced its fair share of attacks as hackers aim to gain access to the company’s sensitive information and more. In fact, research suggests that the same hacker tried to gain access to a FortiGate device last June 2025.

In 2023, Fortinet faced a formidable challenge when a Chinese state-sponsored attack was initiated against FortiGuard devices. In 2024, another hacker allegedly leaked more than 400GB of data illegally taken directly from the company’s SharePoint Server. These attacks are not against Fortinet itself, as hackers tend to focus on individuals, institutions, businesses, and even governments that use Fortinet as their security measure.

If these attacks are successful, expect a security patch from Fortinet to address the vulnerability. Network administrators also have to be actively monitoring their networks to prevent any unexpected attacks that could expose sensitive data and more.