Fortinet Breach Exposes Global Giants to Russian Hackers
18 Jun
Summary
- Nearly 74,000 Fortinet devices worldwide compromised.
- Russian-speaking attackers gained access to major organizations.
- Exposed credentials led to deep network penetration.
- Compromised entities include Oracle, Chevron, and a NATO contractor.

Russian-speaking attackers have achieved near-unrestricted access to some of the world's largest organizations by exploiting Fortinet firewalls. Researchers discovered that nearly 74,000 Fortinet devices in 194 countries had their plaintext credentials exposed online. This breach significantly impacts major corporations like Oracle, Chevron, and Lenovo, as well as a NATO defense contractor and Fortinet itself.
The attackers combined mass scanning with a custom binary that sprayed login combinations across numerous endpoints. They then used a 45-GPU cluster to crack intercepted SSL VPN authentication hashes. This allowed them to compromise centralized authentication systems, including Active Directory, leading to full network compromises in several nations.
Independent security researchers noted the exceptional scale of this operation, estimating that roughly half of all internet-facing Fortinet firewalls were affected. The attackers demonstrated innovative password-cracking techniques but exhibited poor operational security. Top affected countries include India, the US, and Taiwan, with the IT services sector being heavily impacted.