Russian-speaking initial-access brokers have attacked at least 430,000 FortiGate firewalls with FortiBleed and harvested login credentials to gain access to corporate networks.
Attackers deploy a Golang-based sniffer on 430,000 compromised FortiGate firewalls to harvest 110 million credentials, transforming critical security devices into reconnaissance instruments.
ServiceNow customers were exposed to unauthorized third parties via unsecured API access, highlighting fundamental issues with access control on SaaS platforms.
Attackers exfiltrate FortiGate device configurations, crack SHA-256-hashed admin passwords offline, and gain administrative access without exploiting a new vulnerability.
FortiBleed, a campaign conducted by Russian-speaking actors, has compromised over 86,600 Fortinet FortiGate devices, and affected organizations need to take immediate protective measures.
Fortinet administrators must immediately reset passwords, isolate management interfaces from the internet, and enable multi-factor authentication organization-wide to reduce the risk of a coordinated credential abuse campaign.
A large-scale attack affects at least 74,000 Fortinet firewalls and compromises administrative access to security appliances at the core of enterprise networks.