A massive cyber espionage campaign compromised tens of thousands of Fortinet firewalls and VPN gateways across 194 countries, exposing credentials and enabling deep network intrusions. The operation, linked to a Russian-speaking cybercriminal group, affected major organizations such as Foxconn, Samsung, Comcast, Siemens, Lenovo, PwC, Accenture, and Oracle, with confirmed breaches including a Turkish NATO defense contractor. #Fortinet #FortiGate #HudsonRock #VolodymyrDiachenko #KevinBeaumont
Key points
- Over 73,000 Fortinet firewall URLs were targeted across 194 countries.
- The attackers performed billions of credential attempts against FortiGate and MSSQL targets.
- Stolen configuration data and offline brute-forcing were used to recover passwords.
- Compromises led to internal network access, Active Directory pivoting, and data exfiltration.
- Mitigation includes removing internet exposure, rotating credentials, enforcing MFA, and checking for backdoors.
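The mitigation list above is easier to act on when it can be run against an exported configuration. The following is an added example (not code from the page, the cited researchers, or Fortinet) that parses a FortiGate config export offline and flags two of the listed conditions: management protocols allowed on a WAN-role interface, and administrator accounts with neither a trusted-host restriction nor two-factor authentication. The `config`/`edit`/`set`/`next`/`end` syntax is the real FortiOS format; the sample configuration, interface names and account names are constructed for this example, and the check is deliberately simplified (nested sub-tables are skipped, and credential rotation and backdoor hunting are out of scope here).

```python
"""
Offline check of a FortiGate configuration export for the exposures named
in the mitigation list: management services reachable on a WAN-role
interface, and admin accounts without trusthost restrictions or 2FA.

The FortiOS config grammar is real; SAMPLE_CONFIG is constructed for this
example and the names in it are placeholders (assumption, not real data).
"""
import shlex

SAMPLE_CONFIG = """\
config system interface
    edit "wan1"
        set role wan
        set allowaccess ping https ssh
    next
    edit "internal"
        set role lan
        set allowaccess ping https ssh fgfm
    next
end
config system admin
    edit "admin"
        set accprofile "super_admin"
        set password ENC placeholder
    next
    edit "netops"
        set trusthost1 10.10.0.0 255.255.0.0
        set two-factor fortitoken
        set accprofile "super_admin"
    next
end
"""

# Protocols that give management or fabric access and should not face the internet.
MGMT_SERVICES = {"http", "https", "ssh", "telnet", "snmp", "fgfm"}


def parse_fortios(text):
    """Return {section: {entry: {key: [values]}}} for top-level config tables.

    Only depth-1 'edit' blocks are recorded; nested 'config ... end' sub-tables
    are tracked for depth but their contents are ignored (simplification).
    """
    sections = {}
    section = entry = None
    depth = 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        tokens = shlex.split(line)  # handles the quoted names FortiOS emits
        kw = tokens[0]
        if kw == "config":
            depth += 1
            if depth == 1:
                section = " ".join(tokens[1:])
                sections[section] = {}
        elif kw == "end":
            depth -= 1
            if depth == 0:
                section = None
        elif depth == 1 and kw == "edit":
            entry = tokens[1]
            sections[section][entry] = {}
        elif depth == 1 and kw == "next":
            entry = None
        elif depth == 1 and kw == "set" and entry is not None:
            sections[section][entry][tokens[1]] = tokens[2:]
    return sections


def exposed_management(sections):
    """Interfaces with 'set role wan' whose allowaccess includes a management protocol."""
    findings = []
    for name, attrs in sections.get("system interface", {}).items():
        if attrs.get("role") != ["wan"]:
            continue
        exposed = sorted(MGMT_SERVICES & set(attrs.get("allowaccess", [])))
        if exposed:
            findings.append((name, exposed))
    return findings


def weak_admins(sections):
    """Admin accounts lacking an effective trusthost and/or two-factor setting.

    FortiOS omits default values from exports, so a missing 'trusthostN' means
    the default 0.0.0.0/0 (any source) and a missing 'two-factor' means disable.
    """
    findings = []
    for name, attrs in sections.get("system admin", {}).items():
        has_trusthost = any(
            k.startswith("trusthost") and v[:2] != ["0.0.0.0", "0.0.0.0"]
            for k, v in attrs.items()
        )
        has_2fa = attrs.get("two-factor", ["disable"]) != ["disable"]
        problems = []
        if not has_trusthost:
            problems.append("no trusthost")
        if not has_2fa:
            problems.append("no two-factor")
        if problems:
            findings.append((name, problems))
    return findings


if __name__ == "__main__":
    cfg = parse_fortios(SAMPLE_CONFIG)
    for iface, svcs in exposed_management(cfg):
        print(f"WAN interface {iface} allows management access: {', '.join(svcs)}")
    for user, probs in weak_admins(cfg):
        print(f"admin account {user}: {', '.join(probs)}")
```

On the constructed sample this reports `wan1` (https and ssh allowed on a WAN-role interface) and the `admin` account (no trusthost, no two-factor), while `netops` passes. Run it against a real `show full-configuration` export only after treating that export as sensitive: the key point above is that a leaked configuration is itself credential material.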