FortiBleed Attackers Turn Firewalls Into Credential Stealers as Heists Persist
ID: 973f8f64-8590-5e71-8ab7-419b0eb73c69
STIX ID: report--973f8f64-8590-5e71-8ab7-419b0eb73c69
Feed Name: Dark Reading
Researchers uncovered the FortiBleed campaign in which attackers deploy a Golang sniffer (FortigateSniffer) on Internet-exposed FortiGate firewalls to passively capture credentials across ~24 authentication protocols. The campaign has created hundreds of credential-harvesting pipelines, impacted a global set of devices (reportedly targeting >430,000 FortiGate instances), and resulted in the theft of over 110 million credentials; attackers then crack and reuse those credentials for AD/SMB access, lateral movement, data theft and downstream ransomware or resale.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
