FortiBleed campaign exposes 75,000 Fortinet firewalls worldwide
Summary
A campaign called "FortiBleed" has exposed tens of thousands of Fortinet firewalls worldwide, with attackers harvesting administrator credentials. This campaign is suspected to be linked to Russian-speaking threat actors and focuses on gaining persistent access to enterprise environments by exploiting vulnerabilities in Fortinet devices.
IFF Assessment
This campaign represents a significant threat to organizations using Fortinet firewalls, as it leads to widespread credential compromise and potential persistent attacker access.
Defender Context
This incident highlights the critical importance of securing network perimeter devices such as firewalls and promptly patching known vulnerabilities. Defenders should prioritize reviewing their Fortinet firewall configurations, ensuring strong authentication practices are in place, and monitoring for signs of unauthorized access or unusual activity.