FortiBleed Exploits AI to Compromise 75,000 Fortinet Firewalls
A global campaign named FortiBleed has compromised nearly 75,000 Fortinet FortiGate firewalls across 21,632 domains. This breach used a new cybercrime method: readily available supercomputing power from rented GPU clusters. Russian-speaking hackers and Initial Access Brokers like SantaAd are partly responsible. The campaign did not use a zero-day vulnerability but instead relied on a large-scale credential-stuffing operation, fueled by previously compromised data and a new hash cracking method.
Attackers bypassed traditional encryption defenses by renting 36 enterprise-class GPUs from decentralized cloud compute provider Vast.ai, costing about $14.40 per hour. This on-demand supercomputing capability allowed them to crack hundreds of billions of hashes per second, quickly exposing plaintext passwords from FortiOS configuration files. The compromised devices, across more than 200 countries including Australia, now serve as access points for moving into connected supply chains and third-party vendors.
The Australian Signals Directorate's (ASD) Australian Cyber Security Centre (ACSC) issued several critical alerts, advising immediate action for affected organizations. Fortinet acknowledged the campaign, linking it to credential reuse from incidents identified in December 2025 (FG-IR-25-647) and January 2026 (FG-IR-26-060). The scope and the effective, accessible methods used by the attackers show an increase in the efficiency and potential impact of financially motivated cyber operations.
How attackers use AI compute for FortiBleed
Attackers in the FortiBleed campaign used widely available high-performance GPU hardware, often associated with the generative AI boom, to industrialize password cracking. Instead of building expensive custom infrastructure, the attackers rented a decentralized GPU cluster via Vast.ai. This cluster had six high-powered worker instances, totaling 36 enterprise-class GPUs, managed through a Telegram bot.
This setup gave attackers immense processing power, capable of cracking password hashes at high speed for minimal cost. For example, a 36-GPU cluster with modern hardware, such as NVIDIA RTX 4090s, can process up to 720 billion legacy Fortinet (Salted SHA-256) hashes every second. Even against newer FortiOS versions using the PBKDF2 algorithm, the cluster cracked 180 million to 360 million hashes per second. This fast cracking allowed attackers to ingest exported FortiOS configuration files and immediately expose plaintext passwords of firewall administrators.
The operational pipeline used more than raw compute power. Analysis of the attacker infrastructure showed the use of AI-assisted code editors like Cursor for script development and Telegram bot management. Once plaintext credentials were obtained and initial access was established, operators deployed open-source agentic penetration testing frameworks to automate Active Directory enumeration. This shows an optimized, modern intrusion pipeline, integrating AI tools for code generation, network mapping, and credential cracking.
Initial access to Fortinet devices has long been a commoditized dataset, frequently sold by Initial Access Brokers like SantaAd on underground forums. The FortiBleed campaign scales this by combining it with accessible, high-performance computing to create an industrialized process from scanning to cracking to subsequent lateral movement. This lateral movement includes pivoting into third-party vendors, managed service providers (MSPs), and trusted partners, significantly expanding the affected area.
Following the initial credential compromise of FortiGate firewalls, attackers captured approximately 143,000 Kerberos and 33,000 NetNTLM hashes, targeting internal domain controllers. This shows why strong authentication and careful credential management for perimeter defenses are important. Organizations with exposed Fortinet devices need immediate comprehensive review and remediation. The ACSC and Fortinet provided the following immediate recommendations:
- Terminate all admin and VPN sessions and reset credentials: Force mandatory password resets for all firewall administrators and Fortinet VPN users, especially on internet-facing systems, and enforce strong password policies.
- Implement MFA on all administrator and VPN user accounts: Multi-factor authentication adds a layer of security against compromised credentials.
- Upgrade to latest versions of 7.4, 7.6, or 8.0: These versions support PBKDF2 hashing for administrator credentials. Follow guidance to remove older legacy password settings via `set login-lockout-upon-weaker-encryption`.
- Validate configuration: Review firewall and VPN users and other configurations for unauthorized changes. Compare current configurations to a known good baseline, paying attention to unrecognized accounts like "forticloud" or "fortinet-support."
- Check logs: Look for unexpected administrator access from unknown IPs and monitor domain controller logs for lateral movement, unusual access, suspicious accounts, or unauthorized configuration changes.
- Reduce attack surface and lock down management access: Restrict external management of devices through trusted hosts, local-in policies, or by removing internet administration access entirely.
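One way to carry out the "validate configuration" and "lock down management access" checks above against an exported FortiOS configuration, as an added example that is not ACSC or Fortinet tooling: it assumes the standard FortiOS CLI export layout (config system admin / edit / set / next / end) and a baseline set of expected administrator names supplied by the operator; the sample config and its placeholder password values are constructed.

```python
# Constructed sample FortiOS export (trimmed). "admin" is expected and limited to
# trusted hosts; the other two lack trusthost entries; password hashes are placeholders.
SAMPLE_CONFIG = """\
config system admin
    edit "admin"
        set accprofile "super_admin"
        set trusthost1 10.10.0.0 255.255.0.0
        set password ENC PLACEHOLDER
    next
    edit "fortinet-support"
        set accprofile "super_admin"
        set password ENC PLACEHOLDER
    next
    edit "backup-ops"
        set accprofile "prof_admin"
        set password ENC PLACEHOLDER
    next
end
"""

def parse_admins(config_text):
    """Return {admin_name: {setting: value}} from the 'config system admin' block."""
    admins, current, in_block = {}, None, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config system admin":
            in_block = True
        elif in_block and line == "end":            # end of the admin block; ignore the rest
            break
        elif in_block and line.startswith("edit "):
            current = line[5:].strip('"')
            admins[current] = {}
        elif in_block and line == "next":
            current = None
        elif in_block and current is not None and line.startswith("set "):
            key, _, value = line[4:].partition(" ")  # "trusthost1 10.10.0.0 255.255.0.0"
            admins[current][key] = value
    return admins

def audit_admins(config_text, baseline):
    """Flag admins absent from the baseline and admins manageable from any source address."""
    findings = []
    for name, settings in parse_admins(config_text).items():
        if name not in baseline:
            findings.append((name, "not in known-good baseline"))
        if not any(k.startswith("trusthost") for k in settings):
            findings.append((name, "no trusthost restriction"))
    return findings

if __name__ == "__main__":
    for name, issue in audit_admins(SAMPLE_CONFIG, {"admin", "backup-ops"}):
        print(f"{name}: {issue}")
```

Point it at a real export (`show system admin` or a full backup) and a baseline exported before the campaign window to reproduce the "compare to a known good baseline" step.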
The reliance on harvested credentials shows the ongoing threat from information stealer logs. This cybercrime system demonstrates how rented GPUs function as the engine, while harvested credentials act as the fuel. The speed at which Initial Access Brokers operate minimizes an organization's margin for error.
Capabilities of the MYRA Linux RAT distributed via npm
A sophisticated Linux Remote Access Trojan (RAT), named MYRA, has been discovered distributed through the npm package apintergrationpost (versions 4.0.1 through 4.0.6). The package, published by maintainer kimijohn01, claims to be a "hybrid Node.js integration client with native lab primitives for authorized red team exercises and EDR validation." However, its public availability on npm, along with a live C2 configuration, poses a significant risk.
MYRA shows an advanced level of engineering for npm malware. It ships a compiled native C rootkit designed for stealth and persistence. The installation chain forces root privileges (sudo npm install -g apintergrationpost) and automatically installs system dependencies like build-essential, python3, ffmpeg, x11-utils, and grim on apt-based systems. This ensures the RAT has full control and functionality.
The native rootkit component includes specialized tools for evasion and persistence:
- `libcache.so`: An `LD_PRELOAD` shared library that hooks `readdir`, `readdir64`, `stat`, and `lstat` to hide files and directories with names matching a configurable list (e.g., `.libcache`, `.cache-update`, `systemd-userdbd`). This makes persistence artifacts invisible to standard system utilities. This technique aligns with MITRE ATT&CK T1574.006 (Hijack Execution Flow: Dynamic Linker Hijacking).
- `proc_hide`: Changes `/proc/PID/comm` using `prctl(PR_SET_NAME, ...)` and overwrites `argv[0]` to make the process appear as `systemd-userdbd`, a legitimate systemd daemon. This is consistent with MITRE ATT&CK T1036.004 (Masquerading: Masquerade Task or Service).
- `memfd_exec` and `memfd_loader`: Implement fileless execution using the `memfd_create` syscall. They read payloads (including the Node.js binary and the JavaScript agent bundle) into anonymous memory-backed file descriptors, then execute them via `fexecve`. This results in a process running entirely from memory, with `/proc/PID/exe` pointing to `/memfd:.node (deleted)` and `/proc/PID/cmdline` showing `systemd-userdbd --user`. This technique relates to MITRE ATT&CK T1027.011 (Obfuscated Files or Information: Fileless Storage).
- `injector`: Attaches to a target process via `ptrace` to patch executable memory, appearing to be a diagnostic or proof-of-concept tool for ptrace-based injection.
MYRA establishes three independent persistence mechanisms:
- LD_PRELOAD Rootkit: Copies `libcache.so` to `/usr/local/lib/.libcache.so` and registers it in `/etc/ld.so.preload`, ensuring file hiding across the system.
- Cron Job: Installs a wrapper script (`/usr/local/lib/.cache-update.sh`) as a cron entry to execute every 13 minutes. The script tries to launch the RAT via `memfd_loader` (fileless), `agent_launcher` (blended binary), or direct Node.js (fallback).
- Profile.d Login Hook: Writes to `/etc/profile.d/.sh.local`, which executes the wrapper script in the background upon every user login.
The RAT's C2 framework uses a plugin architecture with 13 modules, communicating over TCP with length-prefixed JSON framing. Authentication uses an HMAC-SHA256 challenge-response mechanism. The default C2 address 192.168.54.1:4444 is a private RFC 1918 IP, suggesting a targeted network segment, VPN/tunnel endpoint, or accidental public release of a development build. The beacon schedule includes log-normal distribution jitter (45-300 seconds) and random padding (0-64 bytes) to avoid detection.
MYRA's capabilities include full interactive PTY shell access, directory traversal, base64 file transfer, system information gathering, process enumeration, network enumeration, recursive file searching, and live screen streaming. The live screen capture system, refined across several versions, automatically detects active graphical sessions using loginctl and x11grab (for X11) or grim (for Wayland), even capturing as the logged-in user when running as root.
MYRA Detection Indicators:
| Indicator Type | Detail |
|---|---|
| npm Package | apintergrationpost (versions 4.0.1 through 4.0.6) |
| C2 Host | 192.168.54.1:4444 (default, configurable) |
| Auth Token | myra-lab-shared-key (default, configurable) |
| Maintainer | kimijohn01 |
| File Artifacts | /usr/local/lib/.libcache.so, /usr/local/lib/.cache-update.sh, /etc/profile.d/.sh.local |
| Process | systemd-userdbd --user (masquerade target) |
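A host check built from the indicators in the table above, added here as an example and not part of the original report or the MYRA analysis: it flags memfd-backed processes that present themselves as systemd-userdbd, lists every /etc/ld.so.preload entry, and tests for the three file artifacts; the sample process snapshot is constructed, and collect_live_snapshot is an assumed helper that gathers the same inputs from /proc on a running Linux host.

```python
import os

# Constructed host snapshot modelled on the MYRA indicators above: a genuine
# systemd-userdbd, a memfd-backed masquerade, a preload entry, two artifacts.
SAMPLE_PROCS = [
    {"pid": 811, "exe": "/usr/lib/systemd/systemd-userdbd", "cmdline": "/usr/lib/systemd/systemd-userdbd"},
    {"pid": 4312, "exe": "/memfd:.node (deleted)", "cmdline": "systemd-userdbd --user"},
]
SAMPLE_LD_PRELOAD = "/usr/local/lib/.libcache.so\n"
SAMPLE_FILES = {"/usr/local/lib/.libcache.so", "/etc/profile.d/.sh.local"}
MYRA_PATHS = {"/usr/local/lib/.libcache.so", "/usr/local/lib/.cache-update.sh",
              "/etc/profile.d/.sh.local"}

def flag_process(proc):
    """Return the reasons a process matches MYRA's fileless/masquerade pattern."""
    reasons, argv = [], proc["cmdline"].split()
    if proc["exe"].startswith("/memfd:"):  # fexecve() of a memfd_create() descriptor
        reasons.append("exe backed by memfd (fileless)")
    # A real systemd-userdbd's exe link resolves to a binary of that name on disk.
    if argv and argv[0].endswith("systemd-userdbd") and not proc["exe"].endswith("/systemd-userdbd"):
        reasons.append("cmdline claims systemd-userdbd but exe does not match")
    return reasons

def scan_snapshot(procs, ld_preload_text, present_files):
    """Combine the process, ld.so.preload and file-artifact checks into one list."""
    findings = [f"pid {p['pid']}: {r}" for p in procs for r in flag_process(p)]
    findings += [f"/etc/ld.so.preload loads {lib}" for lib in ld_preload_text.split()]
    findings += [f"known MYRA artifact present: {p}" for p in sorted(MYRA_PATHS & set(present_files))]
    return findings

def collect_live_snapshot():
    """Gather the same three inputs from this Linux host (run as root to see every process)."""
    procs = []
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            exe = os.readlink(f"/proc/{pid}/exe")  # "/memfd:... (deleted)" for memfd-backed processes
            with open(f"/proc/{pid}/cmdline", "rb") as fh:
                cmd = fh.read().replace(b"\0", b" ").decode(errors="replace").strip()
        except OSError:  # process exited or permission denied
            continue
        procs.append({"pid": int(pid), "exe": exe, "cmdline": cmd})
    try:
        with open("/etc/ld.so.preload") as fh: preload = fh.read()
    except OSError:
        preload = ""
    return procs, preload, {p for p in MYRA_PATHS if os.path.exists(p)}

if __name__ == "__main__":
    for finding in scan_snapshot(*collect_live_snapshot()):
        print(finding)
```

Because libcache.so hides its own artifacts from hooked readdir/stat calls, run the file checks from a statically linked shell or a clean boot medium if the preload entry is present, since a process loaded with the rootkit may report the files as absent.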
Canadian Spy Agency CSIS Disrupts Foreign Botnets
Canada's Security Intelligence Service (CSIS) used its threat reduction warrant powers for the first time to neutralize two foreign-run botnets operating on Canadian soil. A Federal Court ruling, released publicly on June 15, details the warrant, granted on May 1, 2024, and renewed in August of the same year. This legal action allowed CSIS to remotely alter, degrade, and destroy botnet data on infected machines, cutting them off from command-and-control networks.
The operation targeted Canadian-based servers, small office/home office (SOHO) routers, and various Internet of Things (IoT) devices, such as Ring doorbells, security cameras, and Wi-Fi-enabled televisions. The court found that unnamed foreign state adversaries used these devices to relay traffic, probing critical infrastructure, government, and military networks in Canada. The ruling stated that the operation targeted devices, not individuals, and any incidentally collected personal data was destroyed.
This action by CSIS is similar to botnet disruption efforts by U.S. law enforcement in early 2024. The FBI, operating under search-and-seizure warrants, had previously dismantled botnets used by the China-linked Volt Typhoon (exploiting Cisco and NetGear SOHO routers) and Russia's GRU APT28 group (using Ubiquiti routers). Both U.S. and Canadian operations show a common problem: neglected, end-of-life consumer-grade network and IoT hardware that remains unpatched or uses default credentials.
The CSIS operation is important because it is the first time threat reduction measures were used, which enable the intelligence service to actively disrupt threats rather than just collecting intelligence. This legal precedent provides a new tool for national security agencies to address foreign state-sponsored cyber threats directly within domestic infrastructure. The underlying issue of unmaintained devices remains a challenge, as government cleanups do not fix these weaknesses, leaving devices open to reinfection if owners do not update or retire the vulnerable hardware.
INTERPOL Identifies Escalating Cybercrime Trends Across Asia-Pacific
INTERPOL's 2025/2026 Asia and South Pacific Cyberthreat Assessment Report shows a substantial increase in cybercrime across the region. This is driven by rapid digitalization, internet penetration, and the sophistication of organized criminal networks. The report indicates that over half of INTERPOL member countries in the region reported that cybercrime makes up no less than 30% of all recorded national crimes.
Phishing has become the most common and financially damaging cybercrime, with one-third of countries reporting over 10,000 cases between January 2024 and March 2025. This is made worse by a regional average of 5.5 out of every 1,000 individuals clicking on phishing links monthly, nearly double the global average of 2.9 per 1,000. The region also experienced more than 135,000 ransomware-related attacks in 2024, mostly impacting the real estate, manufacturing, and financial services sectors.
Transnational organized crime syndicates, particularly those operating out of Cambodia, Laos, Myanmar, and the Philippines, are industrializing cyber-enabled scams. These groups use deepfakes and AI-driven social engineering, including "romance baiting" schemes, to defraud individuals, contributing to an estimated $37 billion in regional cybercrime losses. They also impersonate business executives to authorize fraudulent transactions.
The report also details the widespread use of banking trojans and information stealers, which rank as the second most common cybercrime type. Notable malware families in this category include RedLine, Lumma, LokiBot, Negasteal, and ZBot. Additionally, Distributed Denial-of-Service (DDoS) attacks surged by 92% in 2024 compared to the previous year, and system intrusions accounted for about 80% of all data breaches. These cybercriminal activities often exploit misconfigured systems, weak encryption, insecure APIs, and insufficient monitoring within target networks.
Technical Takeaways
- The FortiBleed campaign shows a scalable, AI-assisted method for credential compromise, using Vast.ai GPU clusters to crack hashes from 75,000 Fortinet FortiGate firewalls at costs as low as $14.40 per hour.
- The MYRA Linux RAT, distributed via the `apintergrationpost` npm package, includes a native C rootkit for fileless execution (`memfd_exec`), process masquerading (`systemd-userdbd`), and three persistence mechanisms (LD_PRELOAD, cron, profile.d) at the system level.
- CSIS set a new precedent by using threat reduction warrants to disrupt foreign state-linked botnets operating on SOHO routers and IoT devices within Canada, physically altering compromised systems to remove malicious control.
- INTERPOL's report on the Asia-Pacific region shows the widespread nature of phishing and ransomware, along with the financial impact of AI-driven scams and the continued use of common information stealers like RedLine and Lumma.
- The widespread compromise in the FortiBleed campaign came from the reuse of credentials rather than exploitation of zero-day vulnerabilities, which shows why multi-factor authentication and proactive credential rotation on internet-facing devices are critical.