Global Fortinet breach

Forums › IT Pro and developers › Global Fortinet breach

xpd

Geek of Coastguard
14223 posts

Uber Geek
+1 received by user: 4695

Retired Mod

ID Verified

Trusted

Lifetime subscriber

#324954 18-Jun-2026 16:11

https://arstechnica.com/security/2026/06/massive-breach-spills-credentials-for-thousands-of-sensitive-networks/

"Researchers have uncovered a massive breach of Fortinet firewalls that has given Russian-speaking attackers near-unrestricted access to some of the world’s largest and most powerful organizations, including Oracle, Chevron, Lenovo, Federal Express, a NATO defense contractor, and Fortinet itself."

Quite a few NZ companies affected.

XPD / Gavin

LinkTree

geek3001

333 posts

Ultimate Geek
+1 received by user: 512

ID Verified

Subscriber

#3504049 18-Jun-2026 16:36

Am I reading this right, this breach has arisen because the device had a logon interface ultimately providing admin access, open to the public internet?

And, no one noticed / was monitoring for, a HUGE volume of logon attempts via said interface?

gjm

816 posts

Ultimate Geek
+1 received by user: 123

#3504052 18-Jun-2026 16:46

can check domains here if you're interested https://www.hudsonrock.com/fortinet and yes, a few big NZ names are listed

Do surveys for Beer money (referral link) - Octopus Group

Link for buying beer (not affiliated, just like beer) - Good George

gzt

19139 posts

Uber Geek
+1 received by user: 8252

Lifetime subscriber

#3504060 18-Jun-2026 17:03

geek3001: Am I reading this right, this breach has arisen because the device had a logon interface ultimately providing admin access, open to the public internet?

I don't think you're reading that right.

gjm

816 posts

Ultimate Geek
+1 received by user: 123

#3504067 18-Jun-2026 17:20

The way I read it was that the management plane was exposed to the internet... how do you read it?

Do surveys for Beer money (referral link) - Octopus Group

Link for buying beer (not affiliated, just like beer) - Good George

lxsw20

3736 posts

Uber Geek
+1 received by user: 2227

Subscriber

#3504068 18-Jun-2026 17:40

geek3001:

Am I reading this right, this breach has arisen because the device had a logon interface ultimately providing admin access, open to the public internet?

And, no one noticed / was monitoring for, a HUGE volume of logon attempts via said interface?

If you're lazy / a bad admin you can certainly configure a Fortigate that way, but i don't think thats the issue here.