BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

New Fortinet Vulnerabilities Fuel Healthcare, Govt Breaches

FortiGate exploits grant network access for credential theft and data exfiltration by hackers.

  • Threat actors are exploiting vulnerabilities in FortiGate firewalls to gain initial network access and steal credentials.
  • The campaign specifically targets environments in healthcare, government, and managed service providers for credential harvesting.
  • Attackers use stolen service account credentials to deeply infiltrate networks, enrolling rogue devices and exfiltrating sensitive data.
  • The activity is often consistent with initial access brokers establishing footholds to sell to other cybercriminals.

In a significant cybersecurity alert for March 2026, SentinelOne researchers Alex Delamotte, Stephen Bromfield, Mary Braden Murphy, and Amey Patne reported a new campaign where threat actors are breaching networks by exploiting FortiGate Next-Generation Firewall appliances.

- Advertisement -

The attackers exploit recently disclosed vulnerabilities like CVE-2025-59718 or use weak credentials to extract critical configuration files. Consequently, they obtain encrypted service account credentials and detailed network topology information.

This setup allows the firewall to map user roles by fetching directory attributes, which is useful for role-based policies. However, this powerful access becomes a liability when attackers compromise the device.

In one November 2025 incident, attackers created a local “support” admin account and configured unrestricted firewall policies. Meanwhile, their periodic checks suggested an initial access broker establishing a persistent foothold for resale.

By February 2026, the attacker had decrypted and used LDAP credentials from a configuration file to authenticate to Active Directory. They then enrolled rogue workstations to gain deeper network access before detection halted further movement.

- Advertisement -

In a separate January 2026 case, attackers rapidly deployed remote access tools like Pulseway and MeshAgent after gaining firewall access. Furthermore, they downloaded a Java malware payload from an AWS cloud storage bucket using PowerShell.

This malware side-loaded a DLL to exfiltrate the NTDS.dit file and SYSTEM registry hive to an external server. “While the actor may have attempted to crack passwords from the data, no such credential usage was identified between the time of credential harvesting and incident containment,” SentinelOne added.

These appliances are high-value targets for both state-aligned espionage and financially motivated ransomware attacks. Consequently, their integration with authentication infrastructure like AD makes them a potent vector for initial network intrusion.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

China, India groups target Pakistani police in cyber espionage

Suspected China- and India-aligned threat actors targeted Pakistani law enforcement in a sustained cyber...

AMD Stock Dips 10% Amid AI Volatility Ahead of Q3 Earnings

AMD stock fell nearly 10% from $580 on June 30 to roughly $516 by...

Bitcoin Creator Back Warns BIP-110 Data Limit Could Split Network

Adam Back said Bitcoin has "robustly rejected" BIP-110, arguing the proposal conflicts with the...

Analyst Says Bitcoin Bear Market Nearing End as Momentum Slows

Bitcoin may be entering the latter stages of the bear market as downside momentum...

IMF: Dollar stablecoins may amplify currency runs in fixed-rate economies

An IMF working paper by economist Brandon Joel Tan models how dollar stablecoins improve...

Must Read

6 Best VPN Providers That Accept Monero

Privacy and anonymity are probably the most important things that we should all consider in today's internet era. Although there are a lot of...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading