
Fortinet Firewall Hack Affects Global Companies
Cybercriminals have allegedly compromised tens of thousands of Fortinet firewalls and VPNs used by major companies worldwide. This widespread hacking campaign, referred to as FortiBleed, has been ongoing, with cybersecurity firms Hudson Rock and SOCRadar reporting the breach. The attack capitalizes on companies neglecting to change default passwords and using known credentials for sensitive systems accessible online.
How the Fortinet Firewall Hack Occurred
The hackers employ automated tools to scan the internet for exposed Fortinet firewalls and VPNs. Once located, they exploit these devices using lists of previously known passwords. According to SOCRadar, once a firewall is compromised, it serves as a listening post to monitor traffic and collect further credentials, enabling the hackers to compromise additional devices.
Who Are the Victims of the Fortinet Hack?
Hudson Rock and SOCRadar have identified that the hacked companies include high-profile names such as Accenture, Comcast, Foxconn, Lenovo, Oracle, Samsung, Siemens, and PwC. The cybersecurity firms have reported that the most affected regions are India, the United States, Taiwan, and Mexico, with the IT services, construction materials, and telecommunications industries being the hardest hit. Government agencies are also among the victims.
What Is Fortinet’s Response to the Hack?
Fortinet has acknowledged awareness of the credential-harvesting campaign targeting its firewalls and VPN gateways. The company stated that the data involved in the breach is a resharing of information from previous incidents and brute forcing of credentials, rather than a new vulnerability. Fortinet is working to address the issue, emphasizing the importance of changing default passwords to prevent such attacks.
Are Russian Cybercriminals Behind the Attack?
The group responsible for the Fortinet firewall hack is believed to be Russian-speaking, according to both Hudson Rock and SOCRadar. The cybersecurity firms’ reports are based on the discovery of a list of credentials for Fortinet devices and related companies. This incident highlights the ongoing threat posed by cybercriminals who exploit weak security practices.
Frequently Asked Questions
What is the Fortinet firewall hack?
The Fortinet firewall hack, known as FortiBleed, is a large-scale cyber attack where hackers compromised tens of thousands of Fortinet firewalls and VPNs globally by exploiting weak password practices.
How did hackers exploit Fortinet devices?
Hackers used automated tools to scan for exposed Fortinet devices online, then accessed them using lists of previously known passwords. Once compromised, the devices were used to collect additional credentials.
Which companies were affected by the hack?
High-profile companies such as Accenture, Comcast, Foxconn, Lenovo, Oracle, Samsung, Siemens, and PwC were among the victims of the Fortinet firewall hack, impacting various industries worldwide.
What steps has Fortinet taken in response?
Fortinet has acknowledged the credential-harvesting campaign and is urging companies to change default passwords to prevent similar attacks. They emphasize the breach involves data from past incidents, not new vulnerabilities.
Related coverage
Sources







