Key facts
- Cybercriminals are exploiting thousands of Fortinet firewalls and VPNs.
- The campaign is named FortiBleed.
- Attackers use lists of known credentials to gain access.
- Compromised devices are used to steal further data.
- A 45-GPU cluster managed by Hashtopolis was used.
- The cluster intercepted and cracked SSL VPN authentication hashes.
- Network compromises resulted from the hash cracking.
- Classified defense documents were exfiltrated from a Turkish NATO contractor.
- Weak or reused passwords are a primary exploitation vector.

Cybercriminals are actively exploiting thousands of Fortinet firewalls and VPNs used by major global companies in an ongoing campaign dubbed FortiBleed. The campaign relies on lists of known credentials to gain unauthorized access to these network security devices. Attackers then use the compromised devices to steal further sensitive data.

In a related development, a 45-GPU cluster managed by Hashtopolis was used to intercept and crack SSL VPN authentication hashes. The cracked hashes led directly to network compromises across numerous organizations. Among the victims was a Turkish contractor working with NATO, from which classified defense documents were exfiltrated.
