FortiBleed Steals 110M FortiGate Credentials Globally
The past 24 hours saw a significant and active credential-harvesting campaign, dubbed FortiBleed, weaponize over 430,000 FortiGate firewalls globally. Threat actors, identified as a Russian Initial Access Broker (IAB) by SOCRadar, used a custom Golang-based sniffer tool to compromise these network devices. This led to the theft of more than 110 million credentials across approximately 200 countries. This widespread operation targets various organizations, impacting small to medium-sized businesses and a NATO-aligned defense contractor.
The FortiBleed campaign shows the persistent threat of sophisticated attacks against critical network infrastructure. It turns defense mechanisms into offensive tools. As this operation expands, security agencies and researchers are also dealing with the ripple effects of a separate supply chain attack against Salesforce customers. The Icarus extortion group orchestrated this attack, leading to data leaks from several prominent technology and cybersecurity firms. A high-severity Server-Side Request Forgery (SSRF) vulnerability, CVE-2026-20230, in Cisco Unified Communications Manager products is now actively exploited. This enables unauthenticated attackers to gain root access. The Five Eyes intelligence alliance warns that frontier AI models will likely dramatically accelerate offensive hacking capabilities within months.
Overall, current cyber risk is heightened by innovative exploitation techniques, complex supply chain compromises, and the impending acceleration of cyberattacks driven by advanced AI. These developments provide context for understanding the threat environment and informing defensive strategies.
How are FortiGate firewalls being weaponized in the FortiBleed campaign?
FortiGate firewalls are weaponized by deploying a custom Golang-based sniffer tool, identified as FortigateSniffer. This tool abuses legitimate diagnostic commands within FortiOS to passively capture authentication traffic. Threat actors, suspected to be a Russian Initial Access Broker (IAB), transform compromised network security devices into broad-scale credential collectors. The campaign has been active since at least February 2026, compromising systems across nearly 200 countries.
SOCRadar researchers, who reverse-engineered the attack chain, found that FortigateSniffer drives the FortiOS built-in diagnostic command diagnose sniffer packet. The tool uses this command to capture traffic for 24 authentication protocols, parses the captured data, and extracts credentials directly from the network flows. Because the sniffer runs on perimeter devices through a legitimate command, it collects data silently without installing traditional malware, which makes detection more difficult. Further analysis suggests that parts of this process may have been augmented by CyberStrike, an open-source AI-powered autonomous penetration-testing agent, illustrating how AI accelerates exploit development and attack efficiency.
The FortiBleed campaign is extensive, affecting over 430,000 FortiGate firewalls worldwide. Attackers established 659 credential-harvesting pipelines and stole more than 110 million credentials, including RADIUS, NTLM, and Kerberos material. The volume of compromised credentials creates a significant and ongoing risk: such datasets are frequently aggregated, repackaged, and resold in underground markets, lowering the barrier to entry for less sophisticated threat actors.
Victim data for the FortiBleed campaign indicates primary targeting of small to medium-sized businesses (SMBs) with fewer than 200 employees. Geographically, the United States and India have seen many of the attacks, but the campaign's global reach means organizations in virtually any country are susceptible. The IT services sector appears to be an important target, likely chosen by the threat actor to maximize downstream access to multiple client environments. High-value targets, such as a NATO-aligned defense contractor, have also been compromised in this operation.
The full attack chain identified by SOCRadar includes five distinct phases:
- Reconnaissance and Target Prioritization: Threat actors scan the internet for exposed FortiGate firewalls and other edge services. This data is enriched with organizational and revenue information to rank targets by potential value.
- Initial Access: Credential-stuffing and brute-force attacks are launched against FortiGate administrative interfaces and SSH services to gain valid credentials and establish a foothold on internet-facing devices.
- Sniffer Deployment: Post-compromise, the FortigateSniffer is deployed to abuse legitimate FortiOS diagnostic commands, passively capturing authentication traffic across dozens of protocols and extracting credentials, hashes, session cookies, and identity data.
- Credential Cracking and Lateral Movement: Captured hashes are cracked using the attacker's distributed GPU infrastructure. Validated credentials are then used for password spraying, Active Directory enumeration, Server Message Block (SMB) access, and lateral movement within victim networks.
- Data Exfiltration and Reuse: The final phase involves the theft of sensitive files from network shares and the reuse of stolen web-session cookies to gain authenticated access to internal applications. This intelligence and access can then be used for follow-on ransomware, data extortion attacks, or sold for financial gain.
To defend against the FortiBleed campaign, SOCRadar advises several immediate actions: rotate all credentials associated with Fortinet VPN and administrative interfaces, enforce multifactor authentication (MFA) across all systems, remove FortiGate management interfaces from direct internet exposure, and review gateway and authentication logs carefully for suspicious activity. Because the campaign is ongoing, these measures should be applied promptly and in full.
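The log review recommended above can be turned into a concrete check for the initial-access and sniffer-deployment phases of the attack chain. The following is an added example, not code from SOCRadar or Fortinet: it parses constructed FortiOS-style key="value" event-log lines (the field names, log format and addresses are assumptions, not a real device capture) and flags sources that fail admin logins repeatedly, then succeed, then run the diagnose sniffer packet command.

```python
import re
from collections import Counter

# Constructed sample lines in a FortiOS-like key="value" event-log style
# (not a real device capture; field names on a real unit may differ): failed
# SSH admin logins, a success from the same source, then the sniffer command.
SAMPLE_LOGS = """\
date=2026-06-20 time=08:01:12 type="event" user="admin" ui="ssh(203.0.113.9)" action="login" status="failed" msg="Administrator admin login failed from ssh(203.0.113.9)"
date=2026-06-20 time=08:01:13 type="event" user="admin" ui="ssh(203.0.113.9)" action="login" status="failed" msg="Administrator admin login failed from ssh(203.0.113.9)"
date=2026-06-20 time=08:01:15 type="event" user="admin" ui="ssh(203.0.113.9)" action="login" status="failed" msg="Administrator admin login failed from ssh(203.0.113.9)"
date=2026-06-20 time=08:02:40 type="event" user="admin" ui="ssh(203.0.113.9)" action="login" status="success" msg="Administrator admin logged in successfully from ssh(203.0.113.9)"
date=2026-06-20 time=08:03:05 type="event" user="admin" ui="ssh(203.0.113.9)" action="Execute" msg="Command executed: diagnose sniffer packet any 'port 1812' 6 0 a"
date=2026-06-20 time=09:10:00 type="event" user="netops" ui="https(10.0.0.5)" action="login" status="success" msg="Administrator netops logged in successfully from https(10.0.0.5)"
"""

FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
SNIFFER_RE = re.compile(r"\bdiagnose\s+sniffer\s+packet\b")

def parse_line(line):
    """Turn one key=value / key="value" log line into a dict."""
    return {k: quoted or bare for k, quoted, bare in FIELD_RE.findall(line)}

def parse_logs(text):
    return [parse_line(l) for l in text.splitlines() if l.strip()]

def source_of(rec):
    """Client address from a ui="ssh(203.0.113.9)"-style field."""
    m = re.search(r"\(([^)]+)\)", rec.get("ui", ""))
    return m.group(1) if m else rec.get("ui", "?")

def sniffer_executions(records):
    """Every (time, user, source) that ran the packet sniffer command."""
    return [(r["time"], r["user"], source_of(r))
            for r in records if SNIFFER_RE.search(r.get("msg", ""))]

def failed_login_bursts(records, threshold=3):
    """(user, source) pairs with at least `threshold` failed admin logins."""
    hits = Counter((r["user"], source_of(r)) for r in records
                   if r.get("action") == "login" and r.get("status") == "failed")
    return {k: n for k, n in hits.items() if n >= threshold}

def compromise_chains(records, threshold=3):
    """Sources that failed repeatedly, then logged in, then ran the sniffer:
    the initial-access to sniffer-deployment sequence described above."""
    ok = {(r["user"], source_of(r)) for r in records
          if r.get("action") == "login" and r.get("status") == "success"}
    ran = {(u, s) for _, u, s in sniffer_executions(records)}
    return sorted((u, s, n) for (u, s), n in failed_login_bursts(records, threshold).items()
                  if (u, s) in ok and (u, s) in ran)
```

Any sniffer execution from an administrative session is worth a manual look on its own; the chained check simply ranks the sessions that also match the brute-force pattern first.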
Which companies are impacted by the Icarus group's Salesforce data leaks?
Multiple technology and cybersecurity companies, including Huntress, LastPass, HackerOne, Recorded Future, Jamf, Snyk, OneTrust, Insurity, Tanium, and Sprout Social, are impacted by data leaks from the Icarus extortion group. These leaks resulted from a supply chain attack involving Klue. The Icarus group began leaking redacted victim data on its dark web site after setting a deadline for Klue customers to engage with them.
These attacks originated from a breach at Klue, a third-party application vendor specializing in market intelligence. Threat actors used Klue's OAuth tokens to gain unauthorized access to customers' Salesforce instances. The Klue integration compromise also affected customers of Gong, a sales intelligence platform, where a subset of internal licensed user data was accessed. This Gong data included user business titles, usernames, and email addresses.
Affected companies confirmed various types of data were compromised from their Salesforce instances. For instance, Huntress reported that the leaked data included business contact information (full names, work emails, job titles, phone numbers, business addresses), business names, details on products trialed or used, subscription specifics (units, pricing), and sales-related communications (such as price quotes, contacts, and tasks). LastPass confirmed that while customer data within its Salesforce instance was accessed, its core products, services, and infrastructure remained secure, with customer vaults unaffected. HackerOne stated that its strict data segmentation policies prevented customer vulnerability data from residing in its CRM systems and found no indication of such data access.
In response to the breaches, impacted organizations took immediate defensive actions. These typically involve suspending all company access to Klue, rotating exposed API access tokens, and launching internal investigations into the extent of the compromise. Gong also reported blocking four suspicious IP addresses provided by Klue that were associated with the unauthorized activity. The ongoing nature of the leaks and the potential for social engineering attacks, as Huntress pointed out, emphasize the importance of out-of-band verification for any incident-related communications.
How is CVE-2026-20230 in Cisco Unified Communications Manager being exploited?
CVE-2026-20230, a high-severity Server-Side Request Forgery (SSRF) vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME), is actively exploited by attackers. The flaw, with a CVSS score of 8.6, resides in the WebDialer component and allows an unauthenticated, remote attacker to write arbitrary files to the underlying operating system, which can lead to root privileges.
Cisco initially released security updates for CVE-2026-20230 on June 3, 2026, cautioning about the potential for root-level access. The vulnerability results from improper input validation for specific HTTP requests within the WebDialer component. An attacker can exploit this by sending a specially crafted HTTP request, enabling them to use file:// URIs to write files to the operating system. This capability is important for establishing persistence or further exploitation to gain root access.
Threat intelligence firm Defused observed active exploitation of this flaw over a recent weekend, noting that attacks originated from a single IP address. The observed proof-of-concept (PoC) exploit appears designed for reconnaissance, specifically to identify vulnerable devices by attempting to write a text file named /tmp/cve-2026-20230-test.txt. This initial probing aims to confirm susceptibility before more malicious payloads are deployed. Following Defused's disclosure, SSD Secure published a technical write-up detailing how the vulnerability functions and providing a PoC exploit.
SSD Secure's research indicates that successful exploitation requires an attacker to first obtain the target system's hostname. The researchers demonstrated methods to retrieve this information from the affected device prior to launching the file-write attack. By controlling both the file path and the content written to disk, an attacker can achieve remote code execution and ultimately escalate privileges to obtain root access on vulnerable systems. Organizations are advised to apply the security updates provided by Cisco to mitigate this active threat.
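The root cause described above is a request-supplied URI that the server acts on without checking its scheme. As an added illustration that is not Cisco's code and does not reproduce the WebDialer implementation, this is the kind of allowlist validation a server-side fetch should apply before touching any URL taken from a request; the hostnames and helper names are assumptions for the example.

```python
import ipaddress
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
# Internal services the component legitimately fetches from (constructed names).
ALLOWED_HOSTS = {"directory.example.internal", "db.example.internal"}

class UnsafeUrl(Exception):
    """Raised when a request-supplied URL fails the allowlist checks."""

def validate_fetch_url(raw):
    """Allowlist check for a URL taken from an HTTP request before the server
    fetches it.  Rejects non-HTTP schemes (so file:// can never reach the
    filesystem), embedded credentials, literal IP addresses (loopback and
    internal ranges included), and any host not explicitly approved.
    Returns the parsed URL when it is acceptable."""
    parts = urlsplit(raw.strip())
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        raise UnsafeUrl(f"scheme not allowed: {scheme or '<none>'}")
    host = (parts.hostname or "").lower()
    if not host:
        raise UnsafeUrl("missing host")
    if parts.username is not None or parts.password is not None:
        raise UnsafeUrl("credentials embedded in URL")
    try:  # named services only: a literal address is never acceptable here
        ipaddress.ip_address(host)
        literal_ip = True
    except ValueError:
        literal_ip = False
    if literal_ip:
        raise UnsafeUrl(f"literal IP address not allowed: {host}")
    if host not in ALLOWED_HOSTS:
        raise UnsafeUrl(f"host not on allowlist: {host}")
    return parts

def is_safe(raw):
    """Boolean wrapper for callers that only need accept/reject."""
    try:
        validate_fetch_url(raw)
        return True
    except UnsafeUrl:
        return False
```

Scheme and host allowlisting closes the file:// path the advisory describes; resolving the allowlisted name to an address and re-checking it at connect time is the remaining step against DNS-based bypasses.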
What is the Five Eyes' assessment of frontier AI cyberthreats?
The Five Eyes intelligence alliance warns that frontier artificial intelligence models will significantly reshape offensive hacking globally within months, not years. This urgent assessment, delivered by the cybersecurity agencies of the U.S. (CISA, NSA), the UK (NCSC), Canada (CCCS), Australia (ASD & ACSC), and New Zealand (NCSC), highlights a rapidly shrinking window between vulnerability discovery and exploitation. Operational technology (OT) and critical infrastructure sectors face the most significant risks due to their typically long patch cycles and extended equipment lifespans.
The joint advisory, issued on June 23, 2026, calls upon government and business leaders to immediately implement measures to prevent falling behind an accelerating threat environment. It frames the shift as a core business risk, going beyond traditional IT security concerns. The agencies state that AI is fundamentally altering the economics and speed of cyberattacks, making traditional vulnerability management and patch cycles insufficient to keep pace with adversaries exploiting flaws faster than ever. This accelerated threat environment shows the importance of proactive security measures and resilient system design.
The guidance reiterates the importance of foundational cybersecurity practices, such as prompt patching of flawed software and minimizing system exposure to the internet. However, the core message emphasizes a necessary shift from merely finding flaws to neutralizing them, particularly in environments where patching can take months or years. The advisory also urges technology providers to thoroughly test their products and engineer systems that default to safe failure states. This latest warning builds upon previous guidance issued in May 2026 by the same agencies, which cautioned against the rapid deployment of agentic AI systems capable of autonomous planning and action and explored the security risks of autonomous AI agents.
In line with this escalating threat, CISA recently directed civilian federal agencies to remediate or disable critical vulnerabilities within three calendar days. This directive reflects the growing concern over vulnerabilities being exploited autonomously and at scale, a scenario increasingly facilitated by frontier AI. The collective message from the Five Eyes alliance shows an imminent and transformative period for cybersecurity, demanding immediate and strategic adaptation from all sectors.
Technical Takeaways
- The FortiBleed campaign, linked to a Russian IAB, actively uses a custom Golang-based sniffer, FortigateSniffer, to compromise FortiGate firewalls and steal over 110 million credentials across 200 countries.
- The Icarus extortion group continues to leak data from multiple tech and cybersecurity firms following a supply chain attack that compromised the third-party application Klue, leading to unauthorized access to customer Salesforce and Gong data.
- A high-severity SSRF vulnerability, CVE-2026-20230, in Cisco Unified Communications Manager's WebDialer component is under active exploitation, allowing unauthenticated attackers to write arbitrary files and achieve root privileges on vulnerable devices.
- The Five Eyes intelligence alliance issues an urgent warning about frontier AI models, predicting they will change offensive hacking within months by significantly compressing the window between vulnerability discovery and exploitation, particularly impacting OT and critical infrastructure.
- Effective defense against these threats requires immediate credential rotation, mandatory multifactor authentication, hardening of internet-facing management interfaces, proactive application of security updates, and a shift towards neutralizing flaws rather than solely focusing on patch cycles.