FortiBleed campaign used custom FortiGate sniffer to steal credentials
Summary
A large-scale campaign dubbed FortiBleed has been identified targeting Fortinet FortiGate devices. The attackers use custom sniffers to steal authentication secrets and credentials from compromised firewalls.
IFF Assessment
FOE
The discovery of a campaign actively stealing credentials from network devices represents a direct threat to defenders.
Defender Context
Defenders should be aware of the FortiBleed campaign targeting Fortinet FortiGate devices. It is crucial to monitor network traffic for suspicious activity indicative of credential harvesting and to ensure all FortiGate devices are patched against any known vulnerabilities. This campaign highlights the ongoing threat of compromised network infrastructure being used for further attacks.