Russian Initial Access Broker Behind FortiBleed Campaign
Summary
A Russian initial access broker has been identified as the actor behind the FortiBleed campaign. This threat actor has been actively stealing credentials with a custom sniffer, accumulating over 110 million since February 2026.
IFF Assessment
FOE
An active threat actor extensively stealing credentials poses a direct threat to organizations and individuals, which is bad news for defenders.
Defender Context
This campaign highlights the persistent threat of initial access brokers who facilitate further attacks by providing stolen credentials. Defenders should be vigilant about credential stuffing and phishing attempts, and ensure robust multi-factor authentication is deployed across all services.