Cybercriminals allegedly compromise tens of thousands of Fortinet firewalls at major companies worldwide

A Russian-speaking cybercriminal group is reportedly compromising Fortinet firewalls and VPNs at major companies globally by exploiting previously known passwords, according to TechCrunch. The attack targets organizations that have not updated default or compromised credentials on their Fortinet devices. Fortinet is one of the most widely deployed enterprise network security vendors, with its products used by governments and Fortune 500 companies. The scale — tens of thousands of devices — suggests a systematic campaign rather than targeted intrusions.
Technical significance
This campaign highlights the persistent risk of known-vulnerability exploitation at scale, even against security infrastructure itself. Fortinet devices are perimeter defenses — their compromise gives attackers a foothold inside organizational networks. The use of previously known passwords rather than zero-days suggests that basic credential hygiene remains a critical failure point. For security teams, this reinforces the need for automated credential rotation and continuous exposure monitoring of edge devices.