Russian-speaking FortiGate and Microsoft SQL Server brute-force campaign
Campaign
Summary
A Russian-speaking multi-operator threat group ran a FortiGate and Microsoft SQL Server brute-force campaign that generated billions of credential attempts, raising the risk of widespread account compromise and internal access. The operation targeted 320,777 FortiGate systems and 163,650 SQL Server systems, and recovered credentials were reportedly used for lateral movement into Active Directory environments. The same activity also involved harvesting and cracking SSL VPN hashes, making it a large-scale access-focused intrusion operation.
Related Happenings
FortiClient EMS CVE-2026-35616 exploitation wave
Exploitation Wave
H score: 56
First: 28.05.2026 18:26
Last: 28.05.2026 18:26
Sources: 1
About this happening:
**CVE-2026-35616** exploitation in **FortiClient Enterprise Management Server (EMS)** is being used to deliver the undocumented credential stealer **EKZ**. Attackers are abusing u...
Sharp rise in brute-force attempts against SonicWall and Fortinet edge devices
Trend
H score: 37
First: 15.04.2026 12:30
Last: 15.04.2026 12:30
Sources: 1
About this happening:
A **sharp rise** in brute-force attempts against **SonicWall** and **Fortinet** edge devices is increasing risk of perimeter-device compromise across organizations that rely on VP...
FortiGate NGFW abuse campaign targeting healthcare, government, and managed service providers
Campaign
H score: 58
First: 10.03.2026 18:21
Last: 10.03.2026 18:21
Sources: 1
About this happening:
A **new FortiGate abuse campaign** is using **FortiGate NGFW appliances** as entry points to breach victim networks, creating immediate risk for **healthcare**, **government**, an...
Russian-speaking threat actor campaign expands across multiple victims
Campaign
H score: 42
First: 09.03.2026 01:35
Last: 09.03.2026 01:35
Sources: 1
About this happening:
A **Russian-speaking threat actor** ran an **AI-augmented campaign** against **FortiGate security appliances**, using **multiple commercial AI services** to scale compromise attem...
AI-assisted hacktivist campaign targeting Mexican government agencies
Campaign
H score: 44
First: 06.03.2026 15:37
Last: 06.03.2026 15:37
Sources: 1
About this happening:
A **small group of hacktivists** ran an **AI-assisted intrusion campaign** against **at least nine Mexican government agencies**, compromising systems over **multiple months**. Th...
Timeline
17.06.2026 18:12 2 articles · 0h ago
FortiBleed leak exposes Fortinet VPN credentials for 73,932 firewall URLs
Initial Disclosure
A newly discovered data leak dubbed FortiBleed exposed apparent Fortinet and FortiGate VPN credentials for 73,932 firewall URLs at organizations worldwide; Bob Diachenko found a server containing valid-looking Fortinet VPN credentials, and follow-on review indicated the dataset may cover roughly 75,000 Fortinet devices across 194 countries.
Sources:
- FortiBleed leak exposes Fortinet VPN credentials for 73,000 devices. — www.bleepingcomputer.com — 17.06.2026 18:12