FortiBleed campaign targets FortiGate firewalls to harvest credentials and enable access

AI-Generated Summary

3 sources

1 day ago

1 views

FortiBleed campaign targets FortiGate firewalls to harvest credentials and enable access

Photo: Help Net Security

Key Points

Attackers target Fortinet FortiGate firewalls as part of the FortiBleed campaign.
Researchers say the campaign uses a custom sniffer to capture authentication secrets from compromised devices.
Reports estimate very large scale, including hundreds of thousands of FortiGate targets and potentially tens of millions of credentials.
Analysts describe an automated toolchain and scripts that support continued compromise after credential theft.
Some reports base findings on attacker artifacts and leaked materials exposed to the public during the campaign.

Multiple reports say the ongoing FortiBleed campaign focuses on compromised Fortinet FortiGate devices, where attackers use custom malware to capture authentication data. Security firm SOCRadar reports that the campaign relies on a custom “sniffer” component designed to harvest authentication secrets from firewalls already under attacker influence. Dark Reading adds that researchers identified a Golang-based sniffer and estimates the campaign targets roughly 430,000 FortiGate firewalls, with visibility into potentially 110 million credentials.

Help Net Security describes organizations’ exposure as widespread and notes that researchers have reconstructed much of the attack chain using leaked attacker artifacts, including tools, scripts, and credentials found exposed on an Internet-facing server. The reporting indicates the operation is automated and can escalate impact from credential theft toward further network compromise, with claims that some victims may reach domain-level control.

Across outlets, the core activity centers on credential harvesting from FortiGate systems as part of a broader, persistent campaign, with researchers continuing to analyze the tools and scope based on collected telemetry and exposed materials.

How Outlets Covered This Story

HEL

Help Net Security

What the Fortibleed campaign means for organizations running FortiGate firewalls

A massive credential-harvesting campaign targeting FortiGate firewalls has exposed thousands of organizations to potential network compromise, and a trove of attacker tools, scripts, and credentials left inadvertently exposed on a server has given researchers an unusually detailed look at how the operation worked. Analysts from ZenoX and CloudSEK have pieced together the full attack chain from the FortiBleed leak, revealing a sophisticated, highly automated pipeline that in some cases achieved full domain-level control of victim … More → The post What the Fortibleed campaign means for organizations running FortiGate firewalls appeared first on Help Net Security.

14 hours ago

DAR

Dark Reading

FortiBleed Attackers Turn Firewalls Into Credential Stealers as Heists Persist

The threat actors engineered a Golang-based sniffer to target 430,000 FortiGate firewalls and identify 110 million credentials in the ongoing global campaign.

16 hours ago

BLE

Bleeping Computer

FortiBleed campaign used custom FortiGate sniffer to steal credentials

Security firm SOCRadar says the large-scale FortiBleed campaign targeting Fortinet FortiGate devices used custom sniffers to harvest authentication secrets from compromised firewalls and steal credentials. [...]

1 day ago

We use cookies

This website uses cookies in order to enhance the overall user experience.

Take a look at our Cookies Policy for more information.

FortiBleed campaign targets FortiGate firewalls to harvest credentials and enable access

U.S. Supreme Court backs Trump administration in immigration case involving green card holders

Inquirer.net publishes Tuldok entries across multiple May 2026 dates

Dermot Desmond defamation action against The Irish Times can be struck out