The Scale of the Exposure
A sophisticated, long-term cyber espionage campaign, now identified as ‘FortiBleed,’ has resulted in the exposure of administrative credentials for approximately 75,000 Fortinet FortiGate firewalls worldwide. Disclosed on June 18, 2026, the breach impacts organizations across 194 countries, including major global entities such as Samsung, Oracle, Siemens, and various critical infrastructure providers.
Security researcher Volodymyr “Bob” Diachenko, who first uncovered the exposed database, reported that the attackers used a high-powered 45-GPU cluster to crack authentication hashes. Independent verification by security researcher Kevin Beaumont and the firm Hudson Rock confirms the authenticity of the data, noting that the exposure represents nearly 50% of internet-facing Fortinet devices.
Tactical Analysis: How the Breach Occurred
The attackers reportedly employed large-scale automation to harvest configuration files from FortiGate devices. Although Fortinet introduced more robust PBKDF2-based password hashing in early 2025, many systems remained vulnerable because they still stored administrative passwords as older, weaker salted SHA-256 hashes, which a single pass of a fast hash function makes cheap to brute-force on GPU hardware. Attackers targeted these legacy configurations to recover plaintext credentials, enabling them to move laterally into internal corporate networks, including Active Directory environments.
Evidence suggests a Russian-speaking threat group is behind the operation. The attackers left traces of their infrastructure—including cron jobs, bash histories, and connection strings—exposed in an open directory, which allowed researchers to reconstruct the scale of the campaign. The breach has already resulted in documented intrusions, including the exfiltration of sensitive documents from a Turkish defense contractor.
Strategic Implications
The FortiBleed incident highlights a critical failure in ‘password hygiene’ and the risks associated with leaving management interfaces exposed to the public internet. By targeting the edge of corporate networks, the attackers gained a foothold that bypasses standard perimeter defenses. The inclusion of major multinational corporations in the leaked dataset suggests that this was not an opportunistic attack but a coordinated effort to secure persistent access to high-value targets. Organizations are urged to rotate all administrative passwords, enforce multi-factor authentication, and move management interfaces behind private networks immediately.