logo

FortiBleed: The Most Detailed Breakdown Yet of an Active Russian Credential-Harvesting Operation

ID: 078edace-518a-5d1a-9d63-5a3b82ba02b3

STIX ID: report--078edace-518a-5d1a-9d63-5a3b82ba02b3

Feed Name: Security Affairs

Threat Score
90/100

Date Published: 2026-06-22

Date Updated: 2026-06-22

Author: Pierluigi Paganini

...
...

**FortiBleed: large-scale credential-harvesting campaign targeting FortiGate firewalls** — SOCRadar’s report details an active, sophisticated operation that targeted 430,000+ FortiGate devices, collected ~110 million credentials via a Golang sniffer and brute-force/credential-stuffing, cracked hashes with distributed GPU resources, and enabled at least one confirmed breach of a NATO-aligned defense contractor; the report maps the full five-phase attack chain, infrastructure, and mitigation steps.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.