30K+ Fortinet Devices Compromised in Credential Heist
Researchers discovered a large-scale credential harvesting campaign that compromised over 30,000 Fortinet firewalls and VPN gateways across 194 countries. Attackers used credential stuffing against exposed devices, reusing credentials from prior leaks. The campaign affected government, telecom, healthcare, education, finance, and critical infrastructure. The operation is self-sustaining and linked to Russian-speaking actors with financial and espionage motives.
- credentials
- device access
More than 30,000 Fortinet firewalls and VPN gateways were compromised in a credential harvesting campaign that spanned 194 countries and targeted government agencies, telecom providers, healthcare organizations, schools, banks, and critical infrastructure.
Public reporting from Dark Reading indicates that attackers relied on credential stuffing, using usernames and passwords stolen from earlier breaches to gain access to the devices. The operation, linked to Russian-speaking actors, combined financial motives with espionage goals. Available reporting describes the campaign as self-sustaining, with compromised devices providing fresh credentials that fuel further attacks. The exposed data includes credentials and direct device access, though the exact number of individual users affected remains unknown.