An update on FortiBleed – what's happening with victim orgs
- #Threat Intelligence
- #FortiBleed
- #Data Breach
- FortiBleed came to light when an open-directory misconfiguration on the attackers' own infrastructure exposed their operation, including unauthorized exports of FortiGate device configurations.
- Attackers cracked password hashes offline using rented enterprise GPUs, taking advantage of the accessibility of high-performance computing for malicious purposes.
- Thousands of organizations were compromised; attackers added admin accounts, modified firewall rules, and accessed VPNs, with evidence pointing to ransomware groups and financial motives.
- Victims should check their logs and configurations against the published lists of attacker IP addresses and domains, disconnect and rebuild compromised devices, enable MFA, update firmware, and rotate VPN keys.
- The incident highlights security gaps, like missing MFA on VPNs, and critiques Fortinet's response, suggesting better telemetry and threat intelligence sharing.
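One concrete check a victim org can run for the "added admin accounts, modified firewall rules" indicator above: parse a FortiGate CLI config backup and list entries that are not in a known-good baseline. This is an added example, not code from the post or from Fortinet; the section/edit/set/next/end layout is assumed from the FortiOS CLI export format, and the embedded config is a constructed sample, not a real device dump.

```python
from typing import Dict, List, Set

# Constructed sample of a FortiGate CLI config export (layout assumed from
# FortiOS "config / edit / set / next / end" syntax; not a real device dump).
SAMPLE_CONFIG = """\
config system admin
    edit "admin"
        set accprofile "super_admin"
        set vdom "root"
    next
    edit "support"
        set accprofile "super_admin"
        set vdom "root"
    next
end
config firewall policy
    edit 1
        set name "lan-to-wan"
        set action accept
    next
    edit 99
        set name "any-any"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
    next
end
"""

def parse_sections(config: str) -> Dict[str, Dict[str, Dict[str, str]]]:
    """Return {section: {entry_name: {key: value}}} for top-level sections.
    Nested 'config ... end' blocks inside an entry are skipped via a depth counter."""
    sections: Dict[str, Dict[str, Dict[str, str]]] = {}
    current = entry = None
    depth = 0
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            depth += 1
            if depth == 1:
                current = line[len("config "):]
                sections[current] = {}
        elif line == "end":
            depth -= 1
            if depth == 0:
                current = entry = None
        elif depth == 1 and line.startswith("edit ") and current is not None:
            entry = line[len("edit "):].strip('"')
            sections[current][entry] = {}
        elif depth == 1 and line.startswith("set ") and entry is not None:
            key, _, value = line[len("set "):].partition(" ")
            sections[current][entry][key] = value.strip('"')
        elif depth == 1 and line == "next":
            entry = None
    return sections

def unexpected_entries(config: str, section: str, baseline: Set[str]) -> List[str]:
    """Entry names in `section` (e.g. 'system admin') absent from the known-good baseline."""
    return sorted(set(parse_sections(config).get(section, {})) - baseline)
```

Run it against a pre-incident backup as the baseline and the current export as `config`; any admin account or policy ID it returns needs to be explained before the device is trusted again.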