




















Fortinet is aware of reports of malicious cyber actors targeting Fortinet devices in a credential-harvesting campaign referred to as FortiBleed. Based on our initial analysis, we believe the activity involves threat actors reusing credentials from previous incidents (FG-IR-26-060, FG-IR-25-647) and employing brute-force techniques (as described in a March blog, “Attacks at the Speed of AI”) against devices with weak password hygiene and no multi-factor authentication (MFA). This is not a new Fortinet vulnerability, and this activity is not related to any recent incident or advisory.
Upon identifying the incident, we immediately began an investigation, including collaborating with relevant government agencies.
Fortinet’s culture of proactive, transparent, and responsible product security disclosure is one of the many ways we show up as a responsible member of a larger cybersecurity ecosystem and demonstrate our commitment to helping customers make informed, risk-based decisions.
Fortinet has identified the potentially compromised systems, and we are proactively contacting impacted customers. To defend against this malicious cyber activity, Fortinet recommends that customers with impacted FortiGate appliances to immediately:
Additional security best practices for administrator access and general hardening can be found in the Best Practices Guides.
If there is any evidence of unapproved modification of the configuration or other IoCs:
If you believe your internal network may have been compromised and would like Fortinet to conduct an investigation of your network, please reach out to Fortinet FortiGuard Incident Response to arrange a scoping call.
Fortinet diligently balances our commitment to the security of our customers and our culture of responsible transparency. We are continuing to investigate this situation and taking actionable steps with the security of our customers as our top priority. Our response and mitigation efforts remain ongoing.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。