Cybersecurity Notification: Awareness Regarding Fortinet “FortiBleed” Reports

Thursday, 18 June 15:48 EDT

Summary

Magna5 is aware of public reporting regarding a Fortinet FortiGate incident referred to as “FortiBleed.” According to security researchers, threat actors have obtained FortiGate configuration data from internet-facing devices and used stored credential hashes to identify working administrator credentials for a large number of firewalls.

Magna5 is reviewing available information for indicators that may be relevant to customer environments where Magna5 has visibility. At this time, this is an awareness notification only. If Magna5 identifies information suggesting a customer may be affected, we will contact that customer directly.

What is it?

“FortiBleed” refers to public reporting of a large-scale credential compromise campaign involving Fortinet FortiGate firewalls. According to that reporting, threat actors targeted internet-facing Fortinet FortiGate devices and obtained configuration files from systems where access was successful.

These configuration files may contain administrator account information and password hashes. Researchers report that some of these hashes were cracked, resulting in validated administrator credentials for a large number of FortiGate devices.

If valid administrator credentials are obtained, an attacker may be able to log in to the firewall, review or change configuration settings, create persistence, access VPN-related services, or use the device as a path into the broader network.

The presence of a firewall IP address, organization name, or related information in third-party reporting does not automatically confirm active compromise. However, it may indicate that the associated FortiGate device should be reviewed by the organization responsible for managing it.

What is Magna5 doing?

Magna5 is reviewing available information related to this issue and assessing whether any customer-specific follow-up is required.

Customer Action

For customers who manage their own Fortinet FortiGate firewalls, Magna5 recommends reviewing public-facing Fortinet infrastructure for potential exposure, or contacting Magna5 to request a review.

One available free lookup tool is provided by SOCRadar: https://socradar.io/free-tools/fortibleed

Contact / Follow-Up

This is an awareness notification only. Magna5 will contact customers directly if our review identifies information suggesting their environment may be affected.

If you have any questions or believe your environment may be affected, please contact cybersecurity@magna5.com.

Affected components
  • General Cybersecurity & Maintenance Notifications