Inside the FortiBleed Open Directory: A Technical Analysis of What the Attacker Left Behind
ID: 7314cbc9-18bd-5794-9e12-d732dc151d0d
STIX ID: report--7314cbc9-18bd-5794-9e12-d732dc151d0d
Feed Name: CloudSEK Blog
**CloudSEK analysis of the "FortiBleed" operation:** a large-scale criminal credential-harvesting and access-for-sale campaign targeting internet-facing Fortinet devices (and other web-login appliances) whose exposed attacker server revealed scanners, a Hashtopolis-based cracking pipeline, credential and target catalogues, post-exploitation AD tooling, and live VPN access; while ~21,632 entries were advertised, the operators' own tooling shows ~918 organisations with captured internal traffic and only ~148 confirmed AD compromises, and the report includes multiple IP indicators and actionable mitigations.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
