During the first quarter of 2026, a notable increase in attacks targeting network devices was recorded, with 90% of these incidents originating in the Middle East, according to a report by Barracuda. The most affected devices were SonicWall and Fortinet FortiGate, which accounted for more than half of all threat activity recorded between February and March of this year.
More problems in the Middle East!
Anthony Fusco, cybersecurity analyst manager at Barracuda, commented that the attacks were identified based on the geolocation of the IP addresses, most of which came from various locations in the Middle East. Although IP addresses alone are not a reliable indicator, Fusco noted that it is reasonable to assume the involvement of groups linked to states and professional actors, as well as opportunistic groups. Additionally, hackers are aggressively scanning perimeter devices for weak or exposed credentials.
This increase in malicious activity coincides with the rise in tensions in the region, following the bombings by the U.S. and Israel at the end of February. U.S. authorities, including the FBI and the Cybersecurity and Infrastructure Security Agency, warned that hackers linked to Iran have targeted critical infrastructure in the country. Although Barracuda did not establish a clear link between these attacks and the conflict in the region, the timeline suggests a correlation.
Security experts recommend implementing multifactor authentication on firewalls and VPNs, as well as using complex passwords and monitoring failed login attempts. The specific attention to devices like SonicWall and Fortinet is not surprising, as they are considered high-value targets for initial access. In the summer of 2025, SonicWall had already suffered a series of brute force attacks, suggesting a continuity in the risk for these devices.