Fortinet Alerts on Credential Attack Targeting FortiGate

Fortinet Alerts on Credential Attack Targeting FortiGate

Posted on By CWS

Fortinet has released an urgent security advisory addressing a widespread credential harvesting campaign aimed at FortiGate devices. Researchers have named this campaign ‘FortiBleed’, highlighting its significant impact on network security.

Exploiting Known Vulnerabilities

According to Carl Windsor’s analysis from Fortinet, the campaign exploits previously known vulnerabilities rather than new ones. The attackers leverage poor password practices and the lack of multi-factor authentication (MFA) to infiltrate systems.

FortiBleed affects up to 86,000 FortiGate firewalls and VPN devices across 194 countries, marking it as one of the most extensive security challenges for Fortinet to date.

Recycled Credentials and AI Techniques

The attack does not utilize zero-day vulnerabilities. Instead, it recycles credentials from prior incidents, identified as FG-IR-26-060 and FG-IR-25-647. Attackers employ AI-driven brute-force methods against exposed FortiGate devices lacking robust credential protections.

Fortinet emphasizes that this campaign is unrelated to recent vulnerability disclosures, reassuring that systems following previous advisories should remain secure.

Recommended Security Measures

Fortinet is actively identifying and notifying potentially compromised systems, working alongside government agencies to manage the threat. The primary vulnerability lies in weak or reused credentials on exposed devices, exacerbated by the absence of MFA.

Unauthorized access can lead to configuration changes, creation of rogue accounts, and potential lateral movement within networks, particularly those integrated with Active Directory or LDAP.

CISA has also issued guidance urging organizations to secure their Fortinet devices immediately.

Immediate Steps for FortiGate Users

Fortinet advises users to end all admin and VPN sessions, reset credentials, and enforce MFA. Upgrading to FortiOS versions 7.4, 7.6, or 8.0 is crucial, as these versions support stronger credential hashing techniques.

Users should also audit configurations, monitor logs for unusual activity, and restrict management access to trusted sources. Any signs of unauthorized changes or activity should prompt a full security review.

Future Outlook

Organizations are reminded of the critical need for prompt remediation of vendor advisories and consistent enforcement of MFA and strong password policies. Fortinet’s FortiGuard Incident Response team is available for further assistance in scoping suspected compromises.

The campaign underscores the importance of maintaining rigorous security measures to protect against credential-based attacks.

Follow us on Google News, LinkedIn, and X for more updates.

Cyber Security News Tags:, , , , , , , , ,

Related Posts

CISA Alerts on RESURGE Malware Threat to Ivanti Devices CISA Alerts on RESURGE Malware Threat to Ivanti Devices Cyber Security News
Windows User Account Control Bypassed Using Character Editor to Escalate Privileges Windows User Account Control Bypassed Using Character Editor to Escalate Privileges Cyber Security News
Critical IDrive Windows Flaw Allows Privilege Escalation Critical IDrive Windows Flaw Allows Privilege Escalation Cyber Security News
SmartApeSG Campaign Exploits ClickFix for Malware Spread SmartApeSG Campaign Exploits ClickFix for Malware Spread Cyber Security News
North Korean Cybercriminals Intensify Crypto Attacks North Korean Cybercriminals Intensify Crypto Attacks Cyber Security News
Healthcare Sector Emerges as a Prime Target for Cyber Attacks in 2025 Healthcare Sector Emerges as a Prime Target for Cyber Attacks in 2025 Cyber Security News