BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

Massive FortiBleed Attack Hits Over 430,000 Firewalls

FortiBleed hackers steal 110 million credentials from 430000 firewalls targeting SMBs

  • A financially-motivated initial access broker has targeted over 430,000 FortiGate firewalls globally since February 2026.
  • The FortiBleed operation uses a custom tool to harvest over 110 million credentials, including hashed passwords and authentication tokens.
  • The campaign heavily targets Small and Medium Businesses (SMBs), especially in the IT services sector, to gain access to downstream customer environments.
  • Attackers use a Telegram bot named HASHBOT to orchestrate hash cracking and sell access to compromised devices for up to $60,000.

A Russian-speaking threat actor has orchestrated a massive credential-harvesting campaign, dubbed FortiBleed, which has compromised more than 430,000 Fortinet firewalls globally since February 2026. The financially-motivated operation leverages a custom Golang sniffer to steal authentication data from infected devices, according to a fresh report published by SOCRadar.

- Advertisement -

The campaign specifically targets the FortiGate administrative panel and SSL-VPN portal using credential stuffing attacks. Consequently, a tool called FortigateSniffer is deployed to capture cleartext passwords and hashes from 24 different network protocols.

Stolen credentials are then cracked using tools like Hashmat and Hashtopolis, orchestrated by a Telegram bot. Meanwhile, data captured by SpyCloud shows the operation runs in five-hour cycles with a high validation success rate.

The attackers focus heavily on Small and Medium Businesses, particularly in the IT services sector within the United States and India. This strategic targeting aims to maximize downstream access into customer networks through compromised service providers.

However, FortiBleed is part of a broader, multi-vendor operation that also breaches Synology, Sophos, and Citrix systems. The campaign has identified over 110 million credentials, including 14.8 million RADIUS credentials and 89 million MySQL tokens.

- Advertisement -

The group meticulously ranks targets by economic value before allocating exploitation resources. Furthermore, their sniffing activity is geofenced and restricted to Moscow business hours, as detailed in the SOCRadar report.

Access to thousands of compromised Fortinet devices is being advertised online by an entity named SantaAd. The initial asking price was $30,000, but it was quickly raised to $60,000 shortly after being advertised.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

US banking groups push Senate to tighten stablecoin yield rules in CLARITY Act

The American Bankers Association and 77 other banking groups sent a joint letter urging...

Grok AI Uploads Full Git Repos, Not Just Code Files

xAI's Grok Build CLI was uploading entire Git repositories with full commit history to...

BRICS expands to 10 members, challenges US dollar dominance by 2050

The BRICS bloc, now expanded to 10 members, is positioning itself as a counterweight...

Cathie Wood Boosts Nuclear Stakes: Buys OKLO, XE Shares

Cathie Wood's ARK Investment Management bought 100,854 shares of Oklo Inc. (OKLO) and 545,453...

White House crypto pointman Patrick Witt takes leave for JAG training

White House crypto adviser Patrick Witt will take a leave of absence at the...

Must Read

7 Best Crypto To Invest In This Year

Investing in cryptocurrencies has become a popular way for people to diversify their investment portfolio and make potential profits.However, with so many cryptocurrencies available...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading