Massive breach spills credentials for thousands of sensitive networks
CommentsResearchers have uncovered a massive breach of Fortinet firewalls that has given Russian-speaking attackers near-unrestricted access to some of the world’s largest and most powerful organizations, including Oracle, Chevron, Lenovo, Federal Express, a NATO defense contractor, and Fortinet itself.
Nearly 74,000 Fortinet devices from more than 21,000 IP addresses in 194 countries have been compromised and their plaintext credentials exposed online, Bob Diachenko, a security researcher and head of SecurityDiscovery.com, said online and in an interview. He said he found the data after gaining access to the attackers’ command-and-control server and other infrastructure. The exposed data also included the industry, revenue, and employee count for each compromised organization.
Exceptional scale, poor opsec
Independent researcher Kevin Beaumont reported that “almost all” of the compromised devices remained online as of Wednesday morning. He went on to say that he has confirmed with multiple organizations found in the attackers’ logs that the credentials are real and current. In many cases, once the threat actors compromised the devices, they went on to access affected organizations’ centralized authentication systems, such as Radius servers and Microsoft Active Directory. The number of compromised devices comprises roughly half of all Internet-facing Fortinet firewalls, based on polling from Shodan.
Read full article
Comments
Related Articles
Japan Is Re-engineering Its Intelligence Apparatus
The establishment of a National Intelligence Council and a National Intelligence Bureau is part of a2026-06-18
At G7 debut, Takaichi puts economic security at heart of Japanese diplomacy
The prime minister's clearest imprint came in the area of critical minerals, where bloc leaders agre2026-06-18Trump signs MoU as Iran says uranium will remain in country, IDF Lebanon attacks 'breach' agreement
Iranian Foreign Ministry Spokesperson Esmaeil Baghaei said that the country's defensive capabilities2026-06-18
Mangione, accused insurance CEO killer, could face hurdles with mental breakdown defense
NEW YORK, June 17 (Reuters) - Luigi Mangione, the man accused of assassinating a health insurance ex2026-06-18
Ozempic and Wegovy linked to surprising drop in violent behavior
A Rutgers study suggests GLP-1 drugs such as Ozempic and Wegovy may weaken the link between impulsiv2026-06-18
“Digital Colonialism”: U.S. Demands to Access Africans’ Data Raise Privacy, Sovereignty Concerns
Rob Farmer for ProPublicaFrank Ssekamwa says the United States presented his country with an impossi2026-06-18
Latest Comments