Introducing FortiBleed!
FortiBleed is an active hacking campaign that has exposed over 30,000 verified Fortinet firewall credentials globally. The campaign affects a wide range of high-value targets including major banks, telecom companies, and government agencies across 194 countries. The attacker infrastructure, tools, and victim list have been tracked by researchers. The campaign remains active at the time of reporting, posing ongoing risk to affected organizations.
AI Analysis
Technical Summary
FortiBleed is a large-scale breach campaign targeting Fortinet firewall credentials, resulting in the exposure of over 30,000 verified credentials worldwide. The campaign impacts a broad spectrum of high-profile victims such as financial institutions, telecommunications providers, and government entities. The threat actors' infrastructure and tools have been identified and monitored by the SOCRadar Threat Research team. The breach is ongoing, indicating active exploitation and a continuing threat to affected organizations.
Potential Impact
The breach compromises the confidentiality of Fortinet firewall credentials, potentially allowing unauthorized access to critical network infrastructure of affected organizations. This exposure can lead to further network compromise, data exfiltration, and disruption of services for high-value targets including banks, telecoms, and government agencies. The global scale of the breach amplifies its severity and potential impact.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Organizations should immediately review the SOCRadar advisory and IoCs provided in the linked blog post to identify potential compromise. Immediate steps include credential rotation for Fortinet firewall accounts, enhanced monitoring for suspicious activity, and applying any official Fortinet patches or mitigations once available. Due to the ongoing nature of the campaign, proactive incident response and threat hunting are recommended.
Introducing FortiBleed!
Description
FortiBleed is an active hacking campaign that has exposed over 30,000 verified Fortinet firewall credentials globally. The campaign affects a wide range of high-value targets including major banks, telecom companies, and government agencies across 194 countries. The attacker infrastructure, tools, and victim list have been tracked by researchers. The campaign remains active at the time of reporting, posing ongoing risk to affected organizations.
Reddit Discussion
The SOCRadar Threat Research team just uncovered a staggering, active hacking campaign exposing over 30,000 verified Fortinet firewall credentials.
Here is the damage report:
🌍 Global Reach: 194 countries affected, with the US sitting at the #2 most targeted spot.
🏦 High-Value Targets: The victim roster includes major banks, telecom giants, and government agencies.
🛠️Full Visibility: We tracked the entire operation—the attacker infrastructure, the tools, and the complete victim list.
⚠️ Status: STILL active as of this publication.
Don't wait for an incident to react. Dive into the full discovery, grab the IoCs, and take immediate steps to mitigate the risk and strengthen your posture.
Read the full FortiBleed breakdown here: https://socradar.io/blog/fortibleed-fortinet-firewalls-compromised/
Also check the leak here https://hubs.la/Q04lQnV60
#ThreatIntelligence #Fortinet #CyberSecurity #InfoSec #SOCRadar
Links cited in this discussion
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
FortiBleed is a large-scale breach campaign targeting Fortinet firewall credentials, resulting in the exposure of over 30,000 verified credentials worldwide. The campaign impacts a broad spectrum of high-profile victims such as financial institutions, telecommunications providers, and government entities. The threat actors' infrastructure and tools have been identified and monitored by the SOCRadar Threat Research team. The breach is ongoing, indicating active exploitation and a continuing threat to affected organizations.
Potential Impact
The breach compromises the confidentiality of Fortinet firewall credentials, potentially allowing unauthorized access to critical network infrastructure of affected organizations. This exposure can lead to further network compromise, data exfiltration, and disruption of services for high-value targets including banks, telecoms, and government agencies. The global scale of the breach amplifies its severity and potential impact.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Organizations should immediately review the SOCRadar advisory and IoCs provided in the linked blog post to identify potential compromise. Immediate steps include credential rotation for Fortinet firewall accounts, enhanced monitoring for suspicious activity, and applying any official Fortinet patches or mitigations once available. Due to the ongoing nature of the campaign, proactive incident response and threat hunting are recommended.
Technical Details
- Source Type
- Subreddit
- blueteamsec+AskNetsec+Information_Security
- Reddit Score
- 0
- Discussion Level
- minimal
- Content Source
- reddit_link_post
- Post Type
- link
- Domain
- null
- Newsworthiness Assessment
- {"score":27,"reasons":["external_link","established_author","very_recent"],"isNewsworthy":true,"foundNewsworthy":[],"foundNonNewsworthy":[]}
- Has External Source
- true
- Trusted Domain
- false
Threat ID: 6a339c23f198dc38c155a4f6
Added to database: 6/18/2026, 7:20:03 AM
Last enriched: 6/18/2026, 7:20:07 AM
Last updated: 6/19/2026, 2:07:08 AM
Views: 97
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.