Massive Breach of Fortinet Firewalls Exposes Global Enterprises

Cybercriminals have reportedly compromised tens of thousands of Fortinet firewalls and VPNs used by major companies worldwide. This extensive hacking campaign, dubbed ‘FortiBleed,’ does not exploit unknown vulnerabilities. Instead, it capitalizes on organizations that failed to change default passwords or kept using credentials that had already been exposed.

The attackers employ automated tools to scan the internet for exposed Fortinet devices. Once identified, they gain access using lists of previously known passwords. After compromising a device, the hackers monitor traffic and collect additional credentials, which are then used to infiltrate more systems, creating a self-sustaining cycle.

According to cybersecurity firms Hudson Rock and SOCRadar, over 73,000 unique Fortinet URLs have been hacked, with more than 30,000 devices compromised. Affected companies include Accenture, Comcast, Foxconn, Lenovo, Oracle, Samsung, Siemens, and PwC. The most impacted countries are India, the United States, Taiwan, and Mexico, with industries such as IT services, construction materials, and telecommunications being the hardest hit. Government agencies are also among the victims. The group behind this campaign appears to be Russian-speaking.

In recent years, Fortinet devices have been targeted in several hacking campaigns, many of which exploited vulnerabilities. This incident, however, underscores the critical importance of basic cybersecurity hygiene. Organizations must ensure that default passwords are changed, credentials are regularly updated, and multi-factor authentication is implemented to protect against such attacks.