FortiBleed Campaign: Reverse Engineering the CyberStrike Harvester Behind Global FortiGate Credential Theft

By Arctic Wolf Labs

10d ago · 22 min read

Summary

FortiBleed is a large-scale credential compromise campaign targeting internet-facing Fortinet FortiGate firewalls and SSL VPN gateways. Unlike typical malware-based attacks, it uses a credential pipeline combining credential stuffing, password spraying, configuration harvesting, offline cracking, and post-authentication capture processing. Arctic Wolf researchers reverse-engineered a recovered CyberStrike Harvester binary and connected it to the broader FortiBleed operator workflow, demonstrating how exposed perimeter credentials can escalate into full internal-network compromise.

Source

FortiBleed Campaign: Reverse Engineering the CyberStrike Harvester Behind Global FortiGate Credential Theft (arcticwolf.com)

Key quotes

FortiBleed is a large-scale credential compromise campaign that targets internet-facing Fortinet FortiGate firewalls and SSL VPN gateways.
The campaign does not depend on a malware payload; instead, it uses a credential pipeline that utilizes credential stuffing, password spraying, configuration harvesting, offline cracking, and post-authentication capture processing.
Arctic Wolf reverse-engineered a recovered CyberStrike Harvester binary and connected it to the broader FortiBleed operator workflow, showing how exposed perimeter credentials can quickly become full internal-network exposure.