The Standeford Journal - News, Intel Analysis

Cyber/Tech

CISA Urges Hardening Fortinet Devices in Credential Exposure Response

Independent researchers estimate affected devices ranging from 73,932 to 75,000 across 194 countries.

Donald Standeford
Jun 19, 2026

CYBER — The Cybersecurity and Infrastructure Security Agency issued an alert on June 18 directing organizations to immediately terminate active sessions, reset administrative and Virtual Private Network passwords, and harden FortiGate appliances and Secure Sockets Layer gateways targeted in the FortiBleed credential exposure campaign.

The alert addresses cyber activity by threat actors involving leaked credentials for approximately 74,000 internet-accessible Fortinet devices, including firewalls and Virtual Private Network gateways used by government and private sector organizations worldwide, per the agency alert.

Independent researchers estimate affected devices ranging from 73,932 to 75,000 across 194 countries.

Fortinet and FortiGate Overview

Fortinet is a major cybersecurity company headquartered in Sunnyvale, California. It develops and sells a broad portfolio of network security products, with its flagship FortiGate line of next-generation firewalls and Secure Sockets Layer Virtual Private Network gateways forming the core of many enterprise, government, and critical-infrastructure networks worldwide.

FortiGate appliances combine firewall, intrusion prevention, application control, and VPN capabilities in a single platform. Organizations deploy them to protect internet-facing connections, segment internal networks, and enforce remote-access policies.

Because FortiGate devices often sit at the perimeter and handle both inbound traffic and encrypted tunnels, they are high-value targets for credential-based attacks.

The widespread adoption of Fortinet products means that credential exposure on these devices carries outsized consequences.

A successful compromise can give attackers initial access into environments that control sensitive data flows, remote workforce connectivity, and operational technology segments.

In the FortiBleed campaign, threat actors leveraged leaked administrative credentials to target precisely this class of widely deployed appliances, underscoring why rapid credential rotation and interface hardening remain priorities for any organization running FortiGate or related Fortinet VPN solutions.

FortiBleed Campaign Scope and Methods
