The article details the FortiBleed operation, a significant Russian credential-harvesting campaign affecting over 430,000 FortiGate firewalls and capturing around 110 million credentials. Produced by SOCRadar's Threat Research Unit (STRU), the report outlines the campaign's sophisticated five-phase attack chain, which relies on custom tools and the exploitation of common vulnerabilities.
The infrastructure, believed to be operated by Russian actors, targets mostly small and medium-sized businesses globally, with a notable impact on sectors like IT services. Recommendations for organizations include rotating credentials, implementing MFA, and reviewing logs for unusual activity.