A Russian-speaking threat actor has harvested credentials from over 86,000 internet-facing FortiGate firewalls and VPN gateways running FortiOS versions prior to 7.2.11, 7.4.8, or 7.6.1, exploiting structural authentication weaknesses rather than a discrete CVE. The attack combines credential stuffing with passive traffic sniffing to create a self-reinforcing compromise cycle. Remediation requires both FortiOS upgrade and immediate, mandatory credential rotation on every affected device.