FortiBleed exposed 75,000 compromised Fortinet firewalls and showed how attackers rented Vast.ai GPU clusters to crack passwords at industrial scale using Hashtopolis and Telegram-managed infrastructure. The campaign highlights how compromised edge devices, infostealer logs, and cracked credentials can enable lateral movement into vendors, MSPs, and internal networks.
Key points
- FortiBleed exposed valid credentials for nearly 75,000 FortiGate firewalls across 21,632 domains.
- Attackers rented 36 enterprise-class GPUs from Vast.ai to crack hashes cheaply and quickly.
- Hashtopolis and Telegram were used to manage the distributed password-cracking operation.
- The attackers leveraged AI-assisted tools like Cursor and agentic pentesting frameworks during intrusion activity.
- Compromised Fortinet edge devices created a supply chain risk by enabling pivots into vendors and internal networks.