FortiBleed Targeted FortiGate Firewalls in 110 Million-Credential Harvesting Operation
Summary
A Russian-speaking initial access broker has been linked to a large-scale credential-harvesting operation called FortiBleed. This operation has targeted over 430,000 FortiGate firewalls globally since February 2026, aiming to collect credentials through various methods including brute-forcing.
IFF Assessment
FOE
This operation represents a significant threat to organizations as it aims to compromise their network defenses by stealing administrative credentials.
Defender Context
This incident highlights the ongoing threat of initial access brokers targeting widely used network devices like FortiGate firewalls. Defenders should ensure their firewalls are patched and protected against brute-force attacks, and review access controls and credential management practices.
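One way to check for the brute-forcing described above, as an added example that is not part of the original page: a sliding-window detector over admin login events that flags a source after repeated failures and raises a second alert if that source then logs in successfully. The key=value log layout, field names, thresholds and sample lines are constructed assumptions, not output from a real FortiGate device.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Constructed sample events; the field names are assumed for illustration.
SAMPLE_LOG = """\
date=2026-02-10 time=03:14:01 user="admin" srcip=203.0.113.7 action="login" status="failed"
date=2026-02-10 time=03:14:05 user="root" srcip=203.0.113.7 action="login" status="failed"
date=2026-02-10 time=03:14:09 user="fwadmin" srcip=203.0.113.7 action="login" status="failed"
date=2026-02-10 time=03:14:12 user="admin" srcip=203.0.113.7 action="login" status="failed"
date=2026-02-10 time=03:14:20 user="admin" srcip=203.0.113.7 action="login" status="failed"
date=2026-02-10 time=03:14:31 user="admin" srcip=203.0.113.7 action="login" status="success"
date=2026-02-10 time=09:02:00 user="alice" srcip=198.51.100.20 action="login" status="failed"
date=2026-02-10 time=09:02:30 user="alice" srcip=198.51.100.20 action="login" status="success"
"""

def parse(line):
    """Return (timestamp, fields) for a login event, or None for anything else."""
    f = {k: q or u for k, q, u in KV.findall(line)}
    if f.get("action") != "login" or not {"date", "time", "srcip", "status"} <= f.keys():
        return None
    try:
        ts = datetime.strptime(f["date"] + " " + f["time"], "%Y-%m-%d %H:%M:%S")
    except ValueError:
        return None
    return ts, f

def detect(lines, threshold=5, window=timedelta(minutes=2)):
    """Alert on >= threshold failures per source inside window, then on any later success."""
    recent = defaultdict(deque)   # srcip -> timestamps of recent failures
    flagged, alerts = set(), []   # a flagged source stays flagged for the whole run
    for line in lines:            # lines are assumed to be in time order
        ev = parse(line)
        if ev is None:
            continue
        ts, f = ev
        src, q = f["srcip"], recent[f["srcip"]]
        while q and ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        if f["status"] == "failed":
            q.append(ts)
            if len(q) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append(("bruteforce", src, f.get("user", "")))
        elif f["status"] == "success" and src in flagged:
            alerts.append(("success_after_bruteforce", src, f.get("user", "")))
    return alerts
```

A `success_after_bruteforce` alert means a guessed credential may have worked, so the account named in it should have its credential rotated and its session history reviewed.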