SOCRadar says the FortiBleed campaign targeted more than 430,000 FortiGate firewalls and used a custom tool called FortigateSniffer to capture authentication traffic and steal credentials from compromised devices. The attackers allegedly abused the FortiOS diagnose sniffer packet functionality, processed the captured traffic with SNIFTRAN and a PCAP analysis toolkit, and used Hashcat on GPU clusters to crack the recovered hashes and extract secrets. #FortiBleed #FortigateSniffer #FortiGate #SNIFTRAN #Hashcat #FortiOS
Key points
- The FortiBleed campaign has targeted more than 430,000 FortiGate firewalls worldwide.
- Attackers used credential stuffing, brute force, harvesting, and offline cracking to gain access.
- FortigateSniffer abused the FortiOS diagnose sniffer packet functionality to capture authentication traffic on compromised devices.
- Captured data was processed with SNIFTRAN and a PCAP toolkit to extract credentials and hashes.
- The stolen hashes were cracked with Hashcat on a distributed GPU cluster.