CISA is warning organizations to secure internet-facing Fortinet firewalls and VPNs after the FortiBleed campaign exposed more than 86,000 valid credentials across 194 countries. Investigators say the attack has been linked to a Russian-speaking threat actor using large-scale brute force and SSL VPN interception to compromise networks, including government and critical infrastructure entities.
Key points
- FortiBleed has exposed over 86,644 confirmed credentials from internet-facing Fortinet devices.
- The campaign may affect roughly half of all Fortinet firewalls exposed to the internet.
- Attackers used automated credential testing, SSL VPN interception, and hash cracking to gain access.
- The operation is linked to a Russian-speaking threat actor and has impacted thousands of organizations.
- CISA advises terminating sessions, resetting credentials, enabling phishing-resistant MFA, and restricting management access.
Read More: https://www.securityweek.com/fortibleed-86000-fortinet-device-credentials-compromised/