FortiBleed: Large-scale Cyber Attacks on Firewalls

A new cyberattack campaign named FortiBleed has targeted over 430,000 FortiGate firewalls worldwide since February 2026. This operation is led by a Russian-speaking Initial Access Broker (IAB) seeking financial gain. The attackers employ a variety of techniques to gain access to sensitive data and compromise the security of the affected systems.

The FortiBleed campaign consists of several phases, including credential harvesting, searching for exposed services, and brute-forcing accessible systems. The attackers have specialized in developing custom malware to efficiently achieve their objectives. This approach has allowed them to compromise a large number of firewalls and steal sensitive information.

Techniques and Tactics of the Attackers

The attackers behind FortiBleed use a combination of automated tools and manual techniques to infiltrate systems. Initially, they gather lists of credentials that may come from various sources, including data leaks and phishing attacks. They then specifically search for exposed services that are vulnerable to attacks.

A central component of the campaign is brute-forcing, where the attackers attempt to guess passwords through systematic trial and error. This method can be particularly effective when weak or commonly used passwords are in place. The attackers also deploy custom malware to optimize their attacks and increase the likelihood of successful access.

The impact of the FortiBleed campaign is significant, as it not only jeopardizes the affected companies but also undermines trust in the security of network systems. The attackers often target critical infrastructures, which can potentially have serious consequences for public safety. The compromise of firewalls can allow attackers unrestricted access to internal networks.

Reactions and Measures from the Security Community

The security community has responded to the FortiBleed campaign by issuing warnings and recommendations for improving security. Experts advise regularly reviewing firewall configurations and ensuring that all systems are equipped with the latest security updates. Additionally, it is recommended to use strong, unique passwords and implement multi-factor authentication to minimize the risk of a successful attack.

The reactions to the campaign show that companies and organizations are increasingly becoming aware of the threats posed by cybercrime. Many companies have begun to revise their security protocols and invest in employee training to raise awareness of cyber risks. Collaboration among various stakeholders in the security community is seen as crucial to combating threats from attacks like FortiBleed.

The FortiBleed campaign is an example of the ever-evolving landscape of cyber threats. Attackers are using increasingly sophisticated techniques to infiltrate systems and steal data. The need to continuously adapt to new threats is of utmost importance for companies and organizations to ensure their network security.