Mandiant researchers said that after compromising FortiManager, the attackers have been observed exfiltrating configuration data for FortiGate firewall devices that have been managed using the tool.
"UNC5820 staged and exfiltrated the configuration data of the FortiGate devices managed by the exploited FortiManager," the investigators wrote. "This data contains detailed configuration ...