430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link
ID: 0bfc5d47-f788-502e-9f88-78e30949913e
STIX ID: report--0bfc5d47-f788-502e-9f88-78e30949913e
Feed Name: Security Affairs
SOCRadar reports that FortiBleed—a credential-harvesting campaign abusing FortiOS packet-diagnostic functionality—collected credentials from approximately 430,000 FortiGate firewalls worldwide; investigators mapped operational servers, confirmed admin-level access on 409 targets and full domain compromise on 354, and directly linked the infrastructure and operators to INC Ransom and Lynx ransomware deployments (at least 12 confirmed), demonstrating a structured criminal operation that converted intercepted credentials into impactful ransomware intrusions.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
