⚠️ Region Alert: UAE/Middle East
The "FortiBleed" campaign is a large-scale password spraying and credential theft operation targeting Fortinet, Sophos, and MSSQL devices. Threat actors use curated password lists, likely compiled from previous breaches and exploited vulnerabilities, to gain initial access to internet-exposed services. Once inside, they escalate privileges to extract device configuration files and sensitive credentials for use in further attacks.
Unit 42 has observed an initial access broker (IAB) on the Russian-language forum Exploit[.]in claiming responsibility for these attacks and offering stolen credentials for sale. Organizations are advised to implement multi-factor authentication (MFA), adopt Zero Trust architectures, and change default credentials to mitigate the risk of persistence and unauthorized administrative access.
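An added detection example for the spraying pattern described above (not from Unit 42 or the original post): it flags a source that fails logins against many distinct accounts within a window, then reports any login that succeeds from that source while the spray is in progress. The normalized log format, the sample events, and the `WINDOW` and `MIN_USERS` thresholds are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)   # assumed look-back window
MIN_USERS = 5                    # assumed: distinct accounts failed per source

# Constructed sample events in a normalized format invented for this example.
# Fields: timestamp service source_ip username result
SAMPLE = """\
2025-01-10T02:00:00 fortinet 203.0.113.7 admin FAIL
2025-01-10T02:00:40 fortinet 203.0.113.7 support FAIL
2025-01-10T02:01:20 sophos 203.0.113.7 backup FAIL
2025-01-10T02:02:00 mssql 203.0.113.7 sa FAIL
2025-01-10T02:02:40 fortinet 203.0.113.7 vpnuser FAIL
2025-01-10T02:03:20 fortinet 203.0.113.7 jsmith OK
2025-01-10T09:00:00 mssql 198.51.100.9 sa FAIL
2025-01-10T09:00:05 mssql 198.51.100.9 sa FAIL
2025-01-10T09:00:10 mssql 198.51.100.9 sa FAIL
2025-01-10T09:00:15 mssql 198.51.100.9 sa FAIL
2025-01-10T09:00:20 mssql 198.51.100.9 sa FAIL
2025-01-10T10:00:00 fortinet 192.0.2.44 alice FAIL
2025-01-10T10:00:30 fortinet 192.0.2.44 alice OK
"""

def parse(text):
    for line in text.splitlines():
        ts, service, src, user, result = line.split()
        yield datetime.fromisoformat(ts), service, src, user, result

def detect_spray(events):
    """Return (spraying sources, logins that succeeded during a spray)."""
    recent = defaultdict(deque)      # src -> recent (time, user) failures
    sprayers, compromised = set(), []
    for ts, service, src, user, result in sorted(events):
        fails = recent[src]          # counted across all services per source
        while fails and ts - fails[0][0] > WINDOW:
            fails.popleft()          # drop failures outside the window
        if result == "FAIL":
            fails.append((ts, user))
        # Spray = many distinct accounts from one source, not many tries on one
        spraying = len({u for _, u in fails}) >= MIN_USERS
        if spraying:
            sprayers.add(src)
            if result == "OK":
                compromised.append((src, service, user))
    return sprayers, compromised

if __name__ == "__main__":
    print(detect_spray(parse(SAMPLE)))
```

Accounts returned in the second list are the ones to reset and review first; the repeated failures against a single account and the one mistyped password in the sample are deliberately not flagged.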