CISA Urges Hardening Fortinet Devices After Reports of Credential Exposure
CISA warned on June 18 that malicious actors are targeting internet-accessible Fortinet devices across government and private-sector organizations using compromised credentials.
At a glance
- CISA reports global targeting of internet-accessible Fortinet devices using compromised credentials, activity referred to as FortiBleed.
- Leaked credentials are associated with approximately 74,000 Fortinet devices, including firewalls and VPN gateways.
- The June 18 alert was updated on June 22 to incorporate Fortinet's guidance.
VERDICT — CONFIRMED
CISA warned on June 18 that malicious actors are targeting internet-accessible Fortinet devices across government and private-sector organizations using compromised credentials. The activity, dubbed FortiBleed, involves leaked credentials tied to approximately 74,000 Fortinet devices, including firewalls and VPN gateways. CISA urges affected customers running FortiGate appliances and associated SSL VPN gateways to act immediately; the alert was updated June 22 to link Fortinet's guidance on the activity.
Key facts on file
- CISA reports global targeting of internet-accessible Fortinet devices using compromised credentials, activity referred to as FortiBleed.
- Leaked credentials are associated with approximately 74,000 Fortinet devices, including firewalls and VPN gateways.
- The June 18 alert was updated on June 22 to incorporate Fortinet's guidance.