Mandiant researchers said that after compromising FortiManager, the attackers have been observed exfiltrating configuration data for FortiGate firewall devices that have been managed using the tool.