Now NoName have picked up the fake toothbrush story as propaganda for their members.

Good job, Fortigate.

Kudos to @BleepingComputer for doing actual journalism.

Fortinet also declined to comment to me.

It's a completely made up story, which is now being circulated as Russian propaganda.
https://www.bleepingcomputer.com/news/security/the-unlikely-3-million-electric-toothbrush-ddos-attack/

The newspaper that had the first article about the Fortigate toothbrush botnet have updated the story and doubled down:

“The article originally said that the case "really happened like that."
This information came from the company Fortinet, which had described the case as real in the interview and proofread the article before publication. Fortinet is now correcting this statement and calling it a "hypothetical scenario". https://www.luzernerzeitung.ch/wirtschaft/kriminalitaet-die-zahnbuersten-greifen-an-das-sind-die-aktuellen-cybergefahren-und-so-koennen-sie-sich-schuetzen-ld.2569480

During the whole toothbrush botnet thing, people said ‘yes, the story is fake but it COULD happen’.

Almost every smart toothbrush uses Bluetooth so no, it could not.

Somebody pointed me towards one on Amazon which says it uses wi-fi, so I ordered it and investigated.

The toothbrush only has Bluetooth. The charger uses wi-fi - but has no open TCP or UDP ports. Traffic is outbound only, TLS 1.3.

So no, it was just total nonsense.