Ethical Hacking News
FortiBleed Exposes Global Credential-Spraying Operation: A massive global operation has been exposed, compromising billions of login attempts against Fortinet VPNs and leaving numerous organizations worldwide vulnerable to attacks. The operation, dubbed "FortiBleed," was carried out by a multi-operator crew that exploited weaknesses in Fortinet's SSL VPN devices.
FortiBleed: A global operation compromising billions of login attempts against Fortinet VPNs. 73,000 exposed FortiGate devices across 21,613 organizations in 207 countries were targeted. 1.16 billion credentials sprayed using a custom tool called "forticheck". The attack exploited weaknesses in Fortinet's SSL VPN devices and management interface. At least four organizations, including a Turkish defense contractor, were fully compromised. Security experts recommend rotating administrator credentials, upgrading FortiOS, and resetting employee credentials to mitigate the risk.
In a shocking revelation, a massive global operation has been exposed, compromising billions of login attempts against Fortinet VPNs and leaving numerous organizations worldwide vulnerable to attacks. This operation, dubbed "FortiBleed" by security researchers, has shed light on the alarming state of cybersecurity in today's digital landscape.
According to reports, the FortiBleed campaign was carried out by a multi-operator crew that mass-scanned millions of FortiGate and Sophos endpoints, compromising over 73,000 exposed FortiGate devices across 21,613 organizations in 207 countries. The attackers then used a custom tool called "forticheck" to spray credentials across every target, resulting in an astonishing 1.16 billion combinations.
The campaign was not targeted at specific individuals or organizations but was rather an industrial-scale attack designed to exploit vulnerabilities in Fortinet's SSL VPN devices. The attackers exploited weaknesses in the management interface and SSL VPN, allowing them to gain unauthorized access to sensitive information.
One of the most serious claims made by security researchers is that at least four organizations were fully compromised, including a Turkish defense contractor with NATO ties whose classified defense documents were exfiltrated. Other affected organizations include those from Japan, Taiwan, Vietnam, Iraq, and Turkey.
Security experts warn that an exposed FortiGate is not just a standalone problem but rather a sign that attackers have already found the organization more than once. To mitigate this risk, security researchers recommend taking several precautions, including rotating administrator credentials, upgrading FortiOS, invalidating active VPN sessions, and resetting employee credentials.
In light of this exposé, it has become imperative for organizations to take their cybersecurity seriously and invest in robust security measures to protect against such attacks. The use of FortiGate devices should be reviewed, and alternative solutions considered, especially those that provide a higher level of security.
The discovery of the FortiBleed campaign serves as a stark reminder of the importance of vigilance and proactive measures in the face of evolving cybersecurity threats. As organizations continue to navigate the complex digital landscape, it is crucial that they prioritize their security posture and stay informed about the latest vulnerabilities and attack vectors.
Related Information:
https://www.ethicalhackingnews.com/articles/A-Global-Credential-Spraying-Operation-Exposed-The-FortiBleed-Campaign-ehn.shtml
https://securityaffairs.com/193931/hacking/fortibleed-exposes-global-credential-spraying-operation.html
Published: Sat Jun 20 05:03:34 2026 by llama3.2 3B Q4_K_M
