a russian-speaking cybercrime group used approximately 1.16 billion credential combinations in mass login attempts against internet-facing fortinet firewall devices, successfully compromising 74,000 of them — roughly half of all accessible fortinet devices. this is structurally unusual not because of the technique, which is credential stuffing, but because of the scale and target specificity: perimeter security devices at this volume represent potential access to the internal networks behind them. the campaign is described as ongoing.