FortiBleed: The Broker Who Turned 73,000 Firewalls Into a Product Catalog
ID: 4956d03c-1ac4-5a9a-9e19-69ee3f2ea1ef
STIX ID: report--4956d03c-1ac4-5a9a-9e19-69ee3f2ea1ef
Feed Name: Security Affairs
A security researcher discovered an exposed server containing valid login credentials for 73,932 Fortinet devices spanning 21,632 organizations in 194 countries; the data was part of an access-brokering operation run by a seller (“SantaAd”) who performed large-scale brute-force and cracking activity, cataloged victims with revenue/sector metadata for resale, and advertised live auctions—indicating active criminal resale (likely to ransomware actors) and a systemic operational pipeline leveraging rented infrastructure and AI-driven tooling.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
