dfir (2)

Throughout early 2026, SentinelOne’s® Digital Forensics & Incident Response (DFIR) team has responded to several incidents in which FortiGate Next-Generation Firewalls (NGFW) were compromised to establish a foothold in the targeted environment.  Each incident was detected and stopped during the lateral movement phase of the attack.  During our investigation period, Fortinet disclosed and issued patches for several high-severity vulnerabilities that allow unauthorized access.  Successful explo

SentinelLABS has provided yet another expert analysis.  Tracking threat actor infrastructure has become increasingly complex.  Modern adversaries rotate domains, reuse hosting, and replicate infrastructure templates across operations, making it difficult to connect isolated indicators to broader activity.  Checking an IP address, a domain, or a certificate in isolation often yields little value when adversaries hide behind short-lived domains and churned TLS certificates.  As a result, analysts