Security Alert
Current Status and Related Trends
mickmick.net alerts organisations to a recent credential leakage incident known as FortiBleed. The incident involves the exposure of data and credentials related to Fortinet firewalls and VPN devices.
According to recent threat intelligence and media reports, attackers are suspected to have obtained a large number of valid login credentials for Fortinet devices. These credentials may be used to gain unauthorised access to affected organisations’ devices and internal networks. Research also suggests that attackers may be conducting automated testing using previously leaked usernames and passwords to identify Fortinet credentials that remain valid. In some cases, the management interfaces of affected devices are directly exposed to the Internet, further increasing the risk of compromise.
If attackers successfully gain access to such devices, they may use them to further access the organisation’s internal network, conduct lateral movement, steal additional account information, modify system settings, or deploy malware, ransomware, or other backdoors on internal systems. This may pose further risks to business operations and information security.
The incident is reported to affect devices in more than 194 countries, and the leaked data may involve approximately 74,000 Fortinet devices. Based on publicly available information, some organisations in Hong Kong may also be affected.
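The automated testing of previously leaked usernames and passwords described above leaves a recognisable pattern in authentication logs: one source address failing against many different accounts, sometimes followed by a successful login. The following is an added example, not part of the original alert or any vendor tooling, showing one way to flag that pattern. The log lines are constructed, and the field names (`srcip`, `user`, `action`, `status`) are assumptions to be mapped to the device's actual log export.

```python
import re
from collections import defaultdict

# Constructed sample lines in a key=value style; field names are assumptions.
SAMPLE_LOG = """\
time=09:00:01 srcip=198.51.100.7 user="alice" action=login status=failed
time=09:00:02 srcip=198.51.100.7 user="bob" action=login status=failed
time=09:00:03 srcip=198.51.100.7 user="carol" action=login status=failed
time=09:00:04 srcip=198.51.100.7 user="dave" action=login status=success
time=09:05:00 srcip=192.0.2.10 user="erin" action=login status=failed
time=09:05:20 srcip=192.0.2.10 user="erin" action=login status=success
time=09:06:00 srcip=203.0.113.5 user="frank" action=logout status=success
"""

FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_line(line):
    """Turn one key=value log line into a dict (quoted or bare values)."""
    return {k: (q if q else b) for k, q, b in FIELD_RE.findall(line)}


def find_credential_testing(log_text, min_failed_users=3):
    """Flag sources whose logins failed against many distinct accounts.

    Failures spread over >= min_failed_users accounts from one address look
    like list-driven credential testing rather than a user mistyping a
    password. Accounts that logged in successfully from the same address
    are reported so their credentials can be rotated and sessions reviewed.
    """
    failed = defaultdict(set)     # srcip -> accounts with failed logins
    succeeded = defaultdict(set)  # srcip -> accounts with successful logins
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev.get("action") != "login" or "srcip" not in ev:
            continue
        if ev.get("status") == "failed":
            failed[ev["srcip"]].add(ev.get("user", ""))
        elif ev.get("status") == "success":
            succeeded[ev["srcip"]].add(ev.get("user", ""))
    return {
        ip: {"failed_users": sorted(users),
             "valid_logins": sorted(succeeded.get(ip, ()))}
        for ip, users in failed.items() if len(users) >= min_failed_users
    }


if __name__ == "__main__":
    print(find_credential_testing(SAMPLE_LOG))
```

The threshold of three distinct accounts is an illustrative default; tune it to the normal login behaviour of the environment.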