A widespread hacking campaign, dubbed FortiBleed, has compromised tens of thousands of Fortinet firewalls and VPNs used by major companies worldwide. According to reports from cybersecurity firms Hudson Rock and SOCRadar, the attackers did not exploit unknown vulnerabilities but relied on a more fundamental issue: companies failing to change default passwords or ensure credentials for sensitive internet-exposed systems are not already known to hackers.
How the Attack Works
The attack begins with automated tools scanning the internet for exposed Fortinet firewalls and VPNs. Once identified, criminals use lists of previously known passwords to breach the devices. After compromise, the device is used as a listening post to monitor passing traffic and collect additional credentials, which are then fed back into the scanner to compromise even more devices. As SOCRadar explained, the system self-feeds, creating a continuous cycle of compromises.
Sponsored Protocol
Hudson Rock estimated over 73,000 unique Fortinet URLs were hacked, while SOCRadar puts the number at over 30,000 compromised devices. Affected companies include prominent names such as Accenture, Comcast, Foxconn, Lenovo, Oracle, Samsung, Siemens, and PwC. A Lenovo spokesperson acknowledged receipt of a request for comment but did not respond; the other companies did not reply.
Geographic and Sector Impact
According to both reports, the most affected countries are India, the United States, Taiwan, and Mexico, but victims are spread globally. The most targeted sectors include IT services, construction materials, and telecommunications, as noted by Hudson Rock, while SOCRadar also lists government agencies among the victims. Both firms believe the group behind the campaign is Russian-speaking. Fortinet did not respond to requests for comment.
Sponsored Protocol
This campaign is based on the discovery of a list of credentials for Fortinet devices and associated companies, first reported by security researcher Bob Diachenko. Independent researcher Kevin Beaumont analyzed the data and confirmed its authenticity. Unlike other campaigns that exploit software vulnerabilities, FortiBleed relies on leaked passwords, a simpler but highly effective attack.
For deeper insights into securing systems, the Definitive Pillar Guide for Production offers valuable configuration advice. Also, the article on Qualcomm Snapdragon Reality Elite shows how innovation coexists with security risks. For broader context on cyber threats, refer to the Wikipedia page on cyberattacks.
