FortiBleed Firewall Attack Exposes UK Government Data

FortiBleed firewall attack exposing UK government credentials leak

The Scope of the FortiBleed Breach

According to a report detailing how Russian hackers steal government logins, cybercriminals have successfully acquired the usernames and passwords of British government personnel. This breach affects overseas workers in the Foreign Office and local administration representatives. Consequently, these compromised credentials appeared on underground forums for prices reaching up to $60,000. Experts have dubbed this sophisticated attack FortiBleed. Researchers directly link this incident to the compromise of over 80,000 Fortinet firewalls.

Exploiting Network Vulnerabilities

Furthermore, the attackers exploited a vulnerability within these network devices. They also leveraged previously stolen passwords to bypass network defenses and harvest fresh credentials. The exposed data includes email addresses and passwords belonging to British embassy staff in Thailand and Mauritius. Similarly, the leak impacts local government workers in Derbyshire and the London borough of Waltham Forest. Ultimately, this specific dataset could provide a direct pathway into the internal systems of vital ministries and other critical departments.

Expanding Threats Beyond Government

The imminent danger extends far beyond government officials. The accesses offered for sale include data from organizations connected to healthcare, energy generation, and pharmaceutical supply chains. Moreover, Saif Abed, a former physician with the UK National Health Service, issued a stark warning. He cautioned that malicious actors could quickly escalate this breach into a ransomware attack. Such an event would severely impact patient safety and care.

Urgent Cyber Security Advisories

Meanwhile, the UK National Cyber Security Centre issued an urgent advisory. The agency warned that attackers are actively brute-forcing passwords for Fortinet systems. Therefore, they strongly recommended that organizations immediately audit their networks. Administrators must change default and reused passwords without delay. Finally, companies should urgently isolate any devices that might have fallen under the control of these threat actors.

Fortinet’s Official Response

Fortinet officially stated that they are actively investigating reports of stolen credentials. The company provided a preliminary assessment of the situation. They believe the published data likely represents a combination of information from older leaks and newly brute-forced passwords. Consequently, Fortinet does not consider this event indicative of a novel vulnerability or an active breach within their product line.

Support Our Threat Intelligence

If you find our technology report and cybersecurity news helpful, consider supporting our work.

Crypto QR Code
USDT (TRC20):
TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm
USDT (ERC20):
0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce

Leave a Reply