www.securityweek.com 6/23/2026, 10:32:09 AM · external

IAB hijacks 430k FortiGate firewalls in FortiBleed credential grab

Primary Source socradar.io

A Russian initial access broker (IAB) is targeting over 430,000 FortiGate firewalls in the FortiBleed credential-harvesting campaign, as reported by SOCRadar. This multi-vendor operation, ongoing since at least February, compromises exposed firewalls to collect and sell unauthorized access credentials. The campaign has affected more than 110 million credentials and uses tools like FortigateSniffer to capture authentication traffic across various protocols.

The IAB focuses on small and medium businesses, particularly in sectors located in the United States and India, suggesting potential connections to state-sponsored groups. SOCRadar emphasizes the significant risk of firewall compromise, which can expose an organization's entire infrastructure.


Article by CyberSIXT
