Dernière minute
FREspagne : un incendie de forêt fait au moins 12 morts en AndalousieCN国家防总召开台风“巴威”防范应对专题调度会 张国清出席并讲话CN广西多地洪涝灾情严重,科技装备助力贵港师生安全转移ARفرنسا تقصي المغرب وتتأهل لنصف نهائي مونديال 2026RUЖитель Варшавы напал на полицейских с кастетами и мачетеCN中朝友好合作互助条约签订65周年纪念招待会在京举行RUЛейбористы просят смягчить миграционные реформы в ВеликобританииCNFAST望远镜荣获国家科技进步奖一等奖,彰显中国科技自立自强CN國民黨副主席蕭旭岑:積極的國共關係是維繫台海和平穩定的中流砥柱RUАльпинист погиб при срыве со скал в Кабардино-БалкарииFREspagne : un incendie de forêt fait au moins 12 morts en AndalousieCN国家防总召开台风“巴威”防范应对专题调度会 张国清出席并讲话CN广西多地洪涝灾情严重,科技装备助力贵港师生安全转移ARفرنسا تقصي المغرب وتتأهل لنصف نهائي مونديال 2026RUЖитель Варшавы напал на полицейских с кастетами и мачетеCN中朝友好合作互助条约签订65周年纪念招待会在京举行RUЛейбористы просят смягчить миграционные реформы в ВеликобританииCNFAST望远镜荣获国家科技进步奖一等奖,彰显中国科技自立自强CN國民黨副主席蕭旭岑:積極的國共關係是維繫台海和平穩定的中流砥柱RUАльпинист погиб при срыве со скал в Кабардино-Балкарии
Newsgather
BackTens of Thousands of Fortinet Firewalls and VPNs Compromised in Global Hacking Campaign
Tens of Thousands of Fortinet Firewalls and VPNs Compromised in Global Hacking Campaign
En développement
TechCrunch17.06.2026Tech2 dk okumaUnited States

Tens of Thousands of Fortinet Firewalls and VPNs Compromised in Global Hacking Campaign

L'essentiel

  • Cybercriminals have compromised over 30,000 Fortinet firewalls and VPNs globally in a campaign dubbed FortiBleed.
  • Hackers exploit weak or reused passwords to gain access, using compromised devices to steal more credentials and expand their reach.
  • Major companies like Accenture, Comcast, and Samsung are among the victims.

Résumé généré par IA

Pourquoi c'est important

A global hacking campaign, dubbed FortiBleed, is compromising tens of thousands of Fortinet firewalls and VPNs by exploiting weak or reused passwords. The campaign uses automated tools to scan for vulnerable devices and leverages lists of known credentials to gain access.

Taille de police

Cybercriminals have compromised tens of thousands of Fortinet firewalls and VPNs used by major companies all over the world, according to two cybersecurity firms.

The widespread hacking campaign, which is ongoing and has been dubbed FortiBleed, appears to not involve abusing any unknown vulnerability in the targeted devices, but rather on a more basic issue: Companies may not be changing passwords to the firewall, nor making sure that the credentials they use for sensitive systems exposed on the internet are not already known by hackers.

In this campaign, hackers are first using automated tools to scan the internet for exposed Fortinet firewalls and VPNs. Then, they are breaking into the devices thanks to lists of previously known passwords. At that point, the cybercriminals can steal more sensitive data from the victim companies, cybersecurity firms Hudson Rock and SOCRadar wrote in their reports that they published this week.

“Once a device is compromised, [the hackers] use it as a listening post, monitoring traffic passing through and collecting any additional credentials that flow by. Those freshly collected passwords are then fed back into the scanner to compromise even more devices. The system feeds itself,” SOCRadar wrote.

Hudson Rock said they found evidence that suggests more than 73,000 unique Fortinet URLs have been hacked, while SOCRadar said the total of hacked devices is more than 30,000.

According to Hudson Rock, the hacked companies include: Accenture, Comcast, Foxconn, Lenovo, Oracle, Samsung, Siemens, and PwC.

A Lenovo spokesperson acknowledged receipt of TechCrunch’s request for comment but did not respond. None of the other companies responded to a request for comment.

According to both Hudson Rock and SOCRadar, the countries with the most affected devices are India, the United States, Taiwan, and Mexico. But both companies say there are victims all over the world. As for industries, the most affected ones are IT services, construction materials, and telecommunications, according to Hudson Rock. Government agencies are also among the victims, per SOCRadar. Both cybersecurity companies said the group behind the hacking campaign appears to be Russian-speaking.

Fortinet did not respond to a request for comment.

Hudson Rock and SOCRadar’s reports are based on the discovery of a list of credentials for Fortinet devices and associated companies. This hacking campaign was first reported by security researcher Bob Diachenko over the weekend. Independent cybersecurity researcher Kevin Beaumont said in a blog post on Wednesday that he analyzed the data and confirmed the data “is legit.”

À surveiller

Perspective IA — des possibilités, pas des certitudes

  • Further exploitation of Fortinet devices and other network security products with similar vulnerabilities.

    Probable · En quelques semaines

  • Increased investment in cybersecurity solutions by affected companies and governments.

    Très probable · En quelques mois

Questions ouvertes

  • What specific actions will Fortinet take to address this vulnerability?
  • Will affected companies face regulatory penalties?
  • What is the extent of data stolen from victim organizations?

Sujets liés

This article was originally published by TechCrunch.

Articles liés

Rocket Report: Asia's Notable Rocket Debuts and Industry Developments
En développement·2 sa önce

Rocket Report: Asia's Notable Rocket Debuts and Industry Developments

Asia is set for notable rocket debuts with China's Long March 10B and India's Skyroot Vikram-1. The report also covers RFA's second launch attempt, the final Pegasus rocket flight, Impulse Space entering military launch competition, Isar Aerospace's Canadian launch site plans, Atlas V's final Amazon Leo mission, ArianeGroup's fairing deal, concerns over SpaceX's Transporter missions, ArianeGroup's engine upgrades, Falcon 9's reuse record, and Blue Origin's capital raise.

Ars Technica
Plus sur ce sujetcybersecurity