Oracle · Federal Reserve (FED) · NATO · Ars Technica
Large breach spills credentials for thousands of sensitive networks
Compiled by KHAO Editorial — aggregated from 1 source. See llms.txt for citation guidance.
Researchers have uncovered a massive breach of Fortinet firewalls that has given Russian-speaking attackers near-unrestricted access to some of the world’s largest and most powerful organizations, including Oracle, Chevron, Lenovo, Federal Express, a NATO defense contractor, and Fortinet itself.
Key facts
- Nearly 74,000 Fortinet devices from more than 21,000 IP addresses in 194 countries have been compromised and their plaintext credentials exposed online, Bob Diachenko, a security researcher and head of SecurityDiscovery.com, said online and in an interview.
- The attackers then used a custom binary running 25,000 threads to spray hundreds of thousands of those Fortinet endpoints with thousands of login and password combinations.
- The attackers used the massive cluster to run a “feedback-driven, 12-level recursive system.” In other words, there wasn’t a single flat dictionary run.
- Hudson Rock said that the top countries where compromised devices were found were India, the US, Taiwan, Mexico, Turkey, and Thailand
Summary
Nearly 74,000 Fortinet devices from more than 21,000 IP addresses in 194 countries have been compromised and their plaintext credentials exposed online, Bob Diachenko, a security researcher and head of SecurityDiscovery.com, said online and in an interview. Independent researcher Kevin Beaumont reported that “almost all” of the compromised devices remained online as of Wednesday morning. “The scale of this breach touches nearly every sector of the global economy, sparing no industry,” researchers from Hudson Rock, a security firm that also analyzed the data, wrote. Diachenko, Beaumont, and Hudson Rock all urged Fortinet users to investigate their networks immediately for signs of compromise.