Russian-speaking attackers compromised over 30,000 Fortinet firewalls and VPN gateways. The FortiBleed campaign spans 194 countries. Security researchers uncovered the operation after discovering an exposed server belonging to the attackers.
The operation uses automated tools to test previously leaked login credentials against internet-facing devices. Attackers are not exploiting new software vulnerabilities to gain access.
Breaches affected multinational corporations, government agencies, banks, and telecommunications companies. Attackers use compromised devices to monitor network traffic and collect additional credentials. Because each compromised device yields credentials for further logins, this creates a self-sustaining attack model across the network.
Experts urge all Fortinet users to rotate credentials immediately. Organizations should enforce multi-factor authentication and ensure all systems are fully patched.
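For defenders deciding which credentials to rotate first, the following added example (not from the researchers or from Fortinet) flags the log signature of leaked-credential testing: one source address trying many distinct usernames, and any account that source then logged in to. The key=value log format, its field names and the `min_users` threshold are assumptions; the sample events are constructed.

```python
import re
from collections import defaultdict

# Constructed sample events (not real logs); field names are assumptions.
SAMPLE_LOG = """\
time=2024-01-01T10:00:01 srcip=203.0.113.7 user="alice" status=failed
time=2024-01-01T10:00:02 srcip=203.0.113.7 user="bob" status=failed
time=2024-01-01T10:00:03 srcip=198.51.100.20 user="frank" status=failed
time=2024-01-01T10:00:04 srcip=203.0.113.7 user="carol" status=failed
time=2024-01-01T10:00:05 srcip=203.0.113.7 user="dave" status=success
time=2024-01-01T10:00:06 srcip=198.51.100.20 user="frank" status=success
time=2024-01-01T10:00:07 srcip=203.0.113.7 user="erin" status=failed
time=2024-01-01T10:00:08 srcip=192.0.2.55 user="gina" status=failed
time=2024-01-01T10:00:09 srcip=192.0.2.55 user="hank" status=failed
"""

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse(line):
    """Split one key=value event line into a dict, dropping quotes."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}


def detect(log_text, min_users=4):
    """Return {srcip: {"users_tried": n, "hits": [accounts logged in]}}.

    A source is flagged when it attempted at least min_users distinct
    accounts and failed on at least one of them. A user mistyping a
    password repeats one username, so that pattern is not flagged.
    """
    failed = defaultdict(set)     # srcip -> usernames with a failed login
    succeeded = defaultdict(set)  # srcip -> usernames with a successful login
    for line in log_text.splitlines():
        ev = parse(line)
        if not {"srcip", "user", "status"}.issubset(ev):
            continue  # skip malformed or unrelated lines
        if ev["status"] == "failed":
            failed[ev["srcip"]].add(ev["user"])
        elif ev["status"] == "success":
            succeeded[ev["srcip"]].add(ev["user"])
    findings = {}
    for ip, users in failed.items():
        tried = users | succeeded[ip]
        if len(tried) >= min_users:
            findings[ip] = {"users_tried": len(tried), "hits": sorted(succeeded[ip])}
    return findings


if __name__ == "__main__":
    for ip, info in detect(SAMPLE_LOG).items():
        print(ip, info)
```

Accounts listed under `hits` logged in from a flagged source, so they are the ones to rotate and review first.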