📢 FortiBleed : campagne de collecte de credentials ciblant les équipements FortiGate
📝 ## 🔍 Contexte

Le 19 juin 2026, Fortinet publie sur son blog PSIRT une analyse officielle d'une cam...
📖 cyberveille : https://cyberveille.ch/posts/2026-06-23-fortibleed-campagne-de-collecte-de-credentials-ciblant-les-equipements-fortigate/
🌐 source : https://www.fortinet.com/blog/psirt-blogs/analysis-of-reported-credential-compromise-of-fortigate-devices
#FortiBleed #FortiGate #Cyberveille

#FortiBleed campaign used custom #FortiGate sniffer to steal credentials

https://www.bleepingcomputer.com/news/security/fortibleed-campaign-used-custom-fortigate-sniffer-to-steal-credentials/

#cybersecurity #Fortinet

A new report details the FortiBleed campaign, an active operation using a custom Golang sniffer, FortigateSniffer, to steal credentials from over 430,000 FortiGate firewalls. Threat actors exploit a built-in FortiOS command, `diagnose sniffer packet`, to capture live network traffic and extract sensitive authentication data like Kerberos, LDAP, and VPN credentials. This isn't a zero-day, but a…

https://www.tpp.blog/27v7268

#cybersecurity #fortibleed #fortigate

🤖 This post was AI-generated.

RT: @Huntio We want to give Volodymyr "Bob" Diachenko (@MayhemDayOne) a real shoutout here 👏

A couple of days ago, Bob found and broke the #FortiBleed story, the dataset tied to more than 70,000 exposed #FortiGate devices, linked to a Russian-speaking group running credential harvesting at scale.

The open directory he worked from came up through our Open Directory Intelligence, surfaced by AttackCapture. He spotted it in our data and ran his own investigation from there.

What he found:

→ SSL VPN authentication intercepted at scale
→ Hashes cracked offline on a dedicated GPU cluster
→ Roughly 1.16 billion credential attempts run against 320,000+ FortiGate targets, plus another 2.1 billion against 160,000+ MSSQL servers
→ Plaintext credentials reused for lateral movement into Active Directory once inside
→ At least four organizations fully compromised across Asia and the Middle East, including a NATO defense contractor with documents exfiltrated

This is the best kind of validation. A researcher we respect pulled it from the data, dug in, and published it on his own 🙌

If you want to see what AttackCapture surfaces for open directories tied to your own stack, it's live in the platform. Contact us to get started:

reminder that "fortibleed" is not a vuln. no CVE. no patch. nothing fucking "bled."

it's a russian-speaking crew firing 1.16 billion creds from old breaches and infostealer logs at every fortigate dumb enough to have its mgmt interface sitting on the public internet. ~50% of internet-facing boxes. half of you.

and before anyone cries "but my password was 28 characters with symbols": it didn't get cracked. it was already chilling in an infostealer dump in plaintext. great entropy, shame about the malware on your sales guy's laptop.

the -bleed suffix is marketing. the real CVE is CVE-2026-YOUREANIDIOT: "admin panel pointed at 0.0.0.0/0, password recycled from a 2022 breach, MFA considered but never enabled."

rotate the creds, yank the mgmt interface off the internet, force MFA, and maybe stop letting threat intel firms name your incidents like they're naming a fucking Marvel villain.

#infosec #fortinet #fortigate

Bleeping Computer: FortiBleed leak exposes Fortinet VPN credentials for 73,000 devices.. “A newly discovered data leak dubbed ‘FortiBleed’ has exposed what appears to be a collection of Fortinet and FortiGate VPN credentials for 73,932 firewall URLs at organizations worldwide.”

📣🚨 #FortiBleed attack exposes Fortinet firewall credentials in 194 countries, with researchers linking the dataset to nearly 74,000 firewall URLs and 21,000+ affected domains.

Read: https://hackread.com/fortibleed-attack-fortinet-firewalls-credentials/

#Fortinet #FortiGate #Cybersecurity #DataBreach #VPN

📢 FortiBleed : 73 932 pare-feux Fortinet compromis par un groupe russophone à l'échelle mondiale
📝 ## 🔍 Contexte

Publié le 17 juin 2026 par Huds...
📖 cyberveille : https://cyberveille.ch/posts/2026-06-17-fortibleed-73-932-pare-feux-fortinet-compromis-par-un-groupe-russophone-a-l-echelle-mondiale/
🌐 source : https://www.hudsonrock.com/blog/fortibleed-75000-fortinet-firewalls-compromised-global-enterprises-exposed-claim-your-ethical-disclosure
#FortiGate #Fortinet #Cyberveille