Cybersecurity firms Hudson Rock and SOCRadar identified the breach, noting that attackers utilize automated scanning tools to locate vulnerable devices. Once access is gained, the hardware serves as a listening post to intercept internal traffic and harvest additional credentials, creating a self-sustaining loop of unauthorized access. Hudson Rock estimates over 73,000 unique Fortinet URLs have been compromised, while SOCRadar places the figure at more than 30,000 affected devices.
The list of impacted organizations is extensive, including major entities such as Accenture, Comcast, Foxconn, Lenovo, Oracle, Samsung, Siemens, and PwC. While government agencies are among the victims, the hardest-hit sectors remain IT services, telecommunications, and construction. Researchers identified India, the United States, Taiwan, and Mexico as the primary geographic targets, with evidence suggesting the perpetrators are Russian-speaking actors. Independent researcher Kevin Beaumont confirmed the legitimacy of the leaked credential data, noting that the campaign bypasses the need for complex software vulnerabilities by exploiting basic human and administrative oversight.
