THE article discusses FortiBleed, a large-scale credential theft campaign targeting Fortinet devices, particularly FortiGate firewalls and SSL VPN gateways. The operation is driven by credential reuse, using stolen credentials from previous breaches. SOCRadar estimates over 86,644 Fortinet devices in 194 countries are compromised, with attackers exploiting poor operational security practices rather than software vulnerabilities.
Organizations are advised to change passwords immediately, enable multi-factor authentication, and limit internet exposure of management interfaces. The article also highlights ongoing monitoring for any potential sales of the stolen credentials on the Dark Web.