Ethical Hacking News
A devastating global breach has exposed nearly 74,000 Fortinet devices from over 21,000 IP addresses in 194 countries to Russian-speaking attackers. The breach gives the attackers near-unrestricted access to some of the world's largest and most powerful organizations, highlighting the vulnerability of firewalls as a favorite network entry point for hackers.
74,000 devices from 21,000 IP addresses in 194 countries compromised by Russian-speaking attackers.
Fortinet firewalls vulnerable to attack, exposing organizations like Oracle, Chevron, and Lenovo.
Attackers used custom binary with 25,000 threads and massive GPU cluster to crack passwords.
Breach described as "exceptional" in scale and sophistication.
Data stolen includes industry, revenue, and employee count for affected organizations.
Turkish NATO defense contractor had classified defense documents exfiltrated.
Fortinet users urged to investigate networks immediately for signs of compromise.
Fortinet firewalls have been compromised, exposing nearly 74,000 devices from over 21,000 IP addresses in 194 countries to Russian-speaking attackers. The breach has given the attackers near-unrestricted access to some of the world's largest and most powerful organizations, including Oracle, Chevron, Lenovo, Federal Express, a NATO defense contractor, and Fortinet itself.
The attack, which began with mass-scanning the Internet for FortiGate remote login endpoints, was carried out using a custom binary with 25,000 threads. The attackers then used a massive, dedicated 45-GPU cluster to crack the passwords of compromised devices, allowing them to access affected organizations' centralized authentication systems, such as RADIUS servers and Microsoft Active Directory.
The breach has been described by security researchers as "exceptional" in scale and sophistication. The attackers built a verified database of working credentials for some of the largest enterprises on the planet, with the data also including industry, revenue, and employee count for each compromised organization.
The top countries where compromised devices were found were India, the US, Taiwan, Mexico, Turkey, and Thailand. The top industries affected were IT services, construction materials, telecommunications, construction and engineering, industrial equipment, and financial services. Other organizations whose data appeared in the database included major government agencies and critical infrastructure providers.
Security researchers have urged Fortinet users to investigate their networks immediately for signs of compromise. The breach highlights the vulnerability of firewalls as a favorite network entry point for hackers and serves as a reminder of the importance of robust operational security measures.
In an interview, Dan Goodin noted that the scale didn't stop there. The attackers used a "feedback-driven, 12-level recursive system" to crack passwords, which improved with each successful guess. This innovative approach contrasts sharply with the attackers' operational security: they left artifacts on the server they used, amateur mistakes in hacker circles.
The breach has sparked concerns about the potential for widespread harm and data exfiltration. Researchers have confirmed that this includes a Turkish NATO defense contractor from which classified defense documents were successfully exfiltrated by the group.
Fortinet users are advised to take immediate action to secure their networks and prevent further compromise. The incident serves as a wake-up call for organizations to review their security measures and ensure they are taking adequate steps to protect themselves against such attacks.
Related Information:
https://www.ethicalhackingnews.com/articles/A-Devastating-Global-Breach-Thousands-of-Sensitive-Networks-Compromised-by-Fortinet-Firewalls-ehn.shtml
https://arstechnica.com/security/2026/06/massive-breach-spills-credentials-for-thousands-of-sensitive-networks/
https://cybernews.com/security/billions-credentials-exposed-infostealers-data-leak/
Published: Wed Jun 17 17:56:58 2026 by llama3.2 3B Q4_K_M