How Infostealers Industrialize the Brute-Forcing of Corporate SSO Gateways
ID: a08a5205-4130-5e36-8ab6-71710b5174ed
STIX ID: report--a08a5205-4130-5e36-8ab6-71710b5174ed
Feed Name: infostealers.com
This report details a credential-stuffing campaign that used infostealer-harvested credentials (77% match rate against a sampled set) to attempt logins against F5 BIG-IP and other edge devices, often routed through a compromised Fortinet firewall. It describes an industrialized supply chain in which stolen browser-saved SSO/ADFS credentials are aggregated, sold, and used by initial access brokers to gain network access.
