Cybercriminals Allegedly Hacked Tens of Thousands of Fortinet Firewalls Used by Major Companies Worldwide
The hum of a corporate network’s heartbeat is usually a quiet, predictable rhythm — until it’s not. In the digital underbelly of a global supply chain, firewalls that should be fortresses instead became entry points for unseen adversaries. Cybercriminals have allegedly exploited tens of thousands of Fortinet firewalls and VPNs, infiltrating systems across industries and continents with a strategy that is deceptively simple: bad password practices.
The Rise of FortiBleed
Known as FortiBleed, this ongoing campaign has exposed a critical weakness in enterprise security: the failure to rotate or secure access credentials. Rather than relying on zero-day vulnerabilities or complex exploits, the hackers are using lists of known passwords to brute-force their way into Fortinet devices. These devices, which should serve as the first line of defense, are now being repurposed as listening posts for further infiltration.
The attack begins with automated tools scanning the internet for exposed Fortinet endpoints. Once a vulnerable device is found, the attackers use the known passwords to breach the firewall. From there, they siphon off data, capture new credentials, and repeat the process — creating a self-sustaining cycle that expands the breach rapidly.
- Automated scanners identify exposed Fortinet firewalls
- Known passwords are used to breach devices
- Compromised systems become sources for new credentials
- Attackers repeat the process on an ever-growing list of targets
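For defenders, the password-guessing step in this cycle leaves a recognizable trail in authentication logs: a run of failed logins from one source, sometimes ending in a success. The following detection sketch is an added example, not code from the article or from Fortinet; the log lines are constructed, and the key=value field names (srcip, user, action, status) and thresholds are assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed sample events in a key=value style; the field names are
# assumptions for illustration, not a vendor log schema.
SAMPLE_LOG = """\
time=10:00:01 srcip=203.0.113.7 user="admin" action=login status=failed
time=10:00:02 srcip=203.0.113.7 user="admin" action=login status=failed
time=10:00:03 srcip=203.0.113.7 user="netops" action=login status=failed
time=10:00:05 srcip=203.0.113.7 user="backup" action=login status=failed
time=10:00:09 srcip=203.0.113.7 user="netops" action=login status=success
time=10:02:00 srcip=198.51.100.20 user="alice" action=login status=failed
time=10:02:30 srcip=198.51.100.20 user="alice" action=login status=success
time=10:05:00 srcip=192.0.2.44 user="admin" action=login status=failed
time=10:05:01 srcip=192.0.2.44 user="root" action=login status=failed
time=10:05:02 srcip=192.0.2.44 user="fw-admin" action=login status=failed
"""

KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_line(line):
    """Turn one key=value log line into a dict, stripping quotes."""
    return {k: v.strip('"') for k, v in KV.findall(line)}

def classify_sources(log_text, min_failures=3, min_users=2):
    """Label a source IP 'guessing' after a burst of failed logins, and
    'compromise' if a login then succeeds; quiet sources are omitted."""
    failures, users = defaultdict(int), defaultdict(set)
    verdict = {}
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev.get("action") != "login" or "srcip" not in ev:
            continue  # skip unrelated or malformed lines
        ip = ev["srcip"]
        burst = failures[ip] >= min_failures and len(users[ip]) >= min_users
        if ev.get("status") == "failed":
            failures[ip] += 1
            users[ip].add(ev.get("user", ""))
            if failures[ip] >= min_failures and len(users[ip]) >= min_users:
                verdict.setdefault(ip, "guessing")
        elif ev.get("status") == "success" and burst:
            verdict[ip] = "compromise"  # rotate credentials, review sessions
    return verdict

if __name__ == "__main__":
    for ip, label in classify_sources(SAMPLE_LOG).items():
        print(ip, label)
```

A single mistyped password followed by a success (198.51.100.20 in the sample) stays below the thresholds and is not flagged.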
A Global and Industry-Wide Impact
The scope of the breach is staggering. Hudson Rock estimates that more than 73,000 unique Fortinet URLs have been hacked, while SOCRadar places the number of affected devices at over 30,000. The list of impacted companies includes Fortune 500 firms such as Accenture, Oracle, Samsung, and Lenovo, with IT services, telecommunications, and construction materials being the most affected industries. Government agencies are also among the victims, according to SOCRadar.
The geographic spread of the attacks is broad, with India, the United States, Taiwan, and Mexico reporting the highest number of compromised devices. This is not a regional threat, but a global one — and it points to a disturbing trend in cybersecurity: the return of low-sophistication attacks that exploit human error over technical flaws.
A Cautionary Tale for Enterprise Security
The FortiBleed campaign highlights a fundamental truth in modern cybersecurity: even the most advanced infrastructure can be compromised by basic oversights. As security firms and researchers continue to investigate, the message is clear — password hygiene and regular system audits are no longer optional.
The attack also underscores the importance of monitoring and updating access credentials across all networked systems. It’s a wake-up call that while the threat landscape evolves, the human factor remains the weakest link — and the most predictable.