Tier-5 Intel Briefing | Alert 003: Fortinet Critical Exploit

Keith L Totten

— 1 min read
Tier-5 Intel Briefing | Alert 003: Fortinet Critical Exploit

🚨 CRITICAL VULNERABILITY ALERT Target: FortiGate / Fortinet Infrastructure Threat Actor: UNC-4102 (Active Exploitation)

We are tracking a high-velocity exploitation campaign targeting Fortinet edge devices. Persistence has been confirmed via custom web shells and unauthorized administrative account creation.

Full technical data, including 14 confirmed malicious IPs and protocol-specific beaconing signatures, is available below for Tier-5 members.

{
"metadata": {
"alert_id": "ALRT-003-FORTI",
"classification": "RED-PROTOCOL-TIER-5",
"threat_actor": "UNC-4102",
"timestamp": "2026-02-24T15:30:00Z",
"severity": "CRITICAL"
},
"indicators": {
"network_ips": [
"185.220.101.44", "45.147.230.12", "193.233.20.158",
"91.208.197.102", "185.156.174.201", "77.247.110.15",
"103.149.162.191", "195.123.241.67", "5.255.99.108",
"89.248.165.114", "185.176.222.39", "109.236.80.122",
"217.138.210.10", "46.246.120.191"
],
"file_hashes_sha256": [
"a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2",
"f0e9d8c7b6a5f4e3d2c1b0a9f8e7d6c5b4a3f2e1d0c9b8a7f6e5d4c3b2a1f0e9"
],
"behavioral_patterns": {
"protocol": "HTTPS/TLS",
"destination_port": 443,
"beacon_interval_ms": 12400
}
}
}