ShieldNet 360

Jun 19, 2026

FortiBleed 2026: What Businesses Need to Know

A large-scale credential theft campaign affecting organizations worldwide 

On June 17, 2026, security researchers disclosed details about a large-scale cybercrime campaign known as FortiBleed. 

The campaign successfully collected valid credentials from approximately 75,000 Fortinet firewall and SSL VPN devices across 194 countries. 

Researchers estimate that the attackers targeted nearly half of all publicly exposed Fortinet devices on the internet. 

This makes FortiBleed one of the largest credential-focused campaigns reported in recent years.

How was FortiBleed discovered? 

The campaign was initially discovered by security researcher Volodymyr "Bob" Diachenko and later analyzed by researchers from Hudson Rock and cybersecurity expert Kevin Beaumont. 

Interestingly, the attackers accidentally exposed part of their own infrastructure. 

Researchers found an open directory containing: 

  • Stolen credentials 
  • Attack scripts 
  • Command histories 
  • System telemetry 
  • Connection information 

This provided a rare look into how the operation was being managed behind the scenes. 

How did the attackers gain access? 

One important fact stands out: 

This was not a zero-day attack. 

The attackers did not rely on a newly discovered software vulnerability. 

Instead, they used credentials that had already been stolen from previous data breaches and malware infections. 

They scanned the internet for publicly accessible Fortinet devices and attempted to log in using known usernames and passwords. 

In many cases, these credentials worked because: 

  • Passwords had been reused 
  • Accounts had never been updated 
  • Credentials were previously stolen by infostealer malware 

Even strong passwords can become useless if they have already been stolen. 

Once attackers possess the password, they simply log in like a legitimate user.

What happens after a firewall is compromised? 

A firewall is often considered the front door of a company's network. 

When attackers gain control of that device, the consequences can be serious. 

A compromised firewall can become a monitoring point that allows attackers to: 

  • Observe network traffic 
  • Collect additional credentials 
  • Access internal systems 
  • Move deeper into the organization 
  • Steal sensitive business data 

Because the access appears legitimate, organizations may not immediately notice anything unusual. 
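
Logins made with stolen but valid credentials still leave a trace that can be checked for. The following is an added example, not code from ShieldNet 360 or the researchers. It flags successful logins from a source address never seen for that account, and raises the priority when the same source tried several different accounts. The log lines are constructed and the key=value field names (`user`, `srcip`, `action`, `status`) and the `spray_threshold` parameter are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample events in a simplified key=value style. The field names
# are assumptions for this example, not a specific vendor's log schema.
BASELINE = """\
time=2026-06-01T08:02:11Z user="alice" srcip=198.51.100.10 action=login status=success
time=2026-06-02T08:05:40Z user="bob" srcip=198.51.100.22 action=login status=success
time=2026-06-03T08:01:09Z user="alice" srcip=198.51.100.10 action=login status=success
"""
RECENT = """\
time=2026-06-10T02:14:01Z user="carol" srcip=203.0.113.77 action=login status=failed
time=2026-06-10T02:14:03Z user="dave" srcip=203.0.113.77 action=login status=failed
time=2026-06-10T02:14:05Z user="bob" srcip=203.0.113.77 action=login status=success
time=2026-06-10T08:03:30Z user="alice" srcip=198.51.100.10 action=login status=success
time=2026-06-10T09:12:00Z user="alice" srcip=192.0.2.45 action=login status=success
"""

KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse(text):
    """Yield one dict per non-empty line of key=value pairs."""
    for line in text.splitlines():
        if line.strip():
            yield {k: quoted or bare for k, quoted, bare in KV.findall(line)}

def review_logins(baseline_text, recent_text, spray_threshold=3):
    """Return (findings, spraying_sources) for the recent period."""
    # (user, source) pairs that logged in successfully during the baseline.
    known = {(e["user"], e["srcip"]) for e in parse(baseline_text)
             if e.get("action") == "login" and e.get("status") == "success"}
    users_by_src = defaultdict(set)
    new_successes = []
    for e in parse(recent_text):
        if e.get("action") != "login":
            continue
        users_by_src[e["srcip"]].add(e["user"])
        if e["status"] == "success" and (e["user"], e["srcip"]) not in known:
            new_successes.append(e)
    # A source that tried many distinct accounts is working through a list.
    spraying = {s for s, u in users_by_src.items() if len(u) >= spray_threshold}
    findings = [(e["time"], e["user"], e["srcip"],
                 "high" if e["srcip"] in spraying else "review")
                for e in new_successes]
    return findings, spraying

if __name__ == "__main__":
    for finding in review_logins(BASELINE, RECENT)[0]:
        print(finding)
```

A "review" finding may simply be a user on a new network; a "high" finding is a successful login from a source that also tried other accounts and warrants a password reset and session review.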

Potential business impact 

Operational impact 

Attackers may gain unauthorized access to: 

  • Internal applications 
  • Business systems 
  • Customer databases 
  • Administrative platforms 

This can disrupt normal operations and increase recovery costs.

Reputation impact 

Data breaches can damage customer trust and business relationships. 

Organizations may face: 

  • Customer complaints 
  • Lost contracts 
  • Delayed business opportunities 
  • Brand damage 

Regulatory impact 

Many countries now require organizations to investigate and report significant cybersecurity incidents. 

Failure to respond quickly may create additional compliance and legal challenges. 

How ShieldNet 360 can help 

Firewall Security Review 

ShieldNet 360 can assist organizations in reviewing whether their firewall infrastructure may have been affected by the FortiBleed campaign. 

Our team can help: 

  • Assess exposure 
  • Recommend security improvements 

Free 1-Month ShieldNet Defense Deployment 

To help organizations respond proactively, ShieldNet Defense can be deployed free for one month to eligible businesses. 

The platform helps organizations: 

  • Monitor suspicious activity 
  • Detect signs of compromise 
  • Investigate potential threats 
  • Hunt for hidden attacker activity 
  • Build evidence for incident response and reporting 

Security Made Simple 

Cyberattacks do not always begin with sophisticated hacking techniques. 

Sometimes they start with a stolen password that was never changed. 

FortiBleed is a reminder that organizations must continuously monitor and verify access to critical systems. 

Early detection can make the difference between a minor security event and a major business crisis. 
