Massive firewall hack: many of the world’s most important networks cracked

Security researchers have uncovered one of the largest hacking campaigns in recent years. Russian-speaking providers have managed to crack a firewall system that is supposed to secure the world’s most important networks.
Numerous Fortinet firewalls penetrated
According to current information, around 74,000 devices from the manufacturer Fortinet in 194 countries are affected. The attackers are said to have stolen login credentials from companies and organizations in almost all sectors, including international corporations, authorities and providers of critical infrastructure. The incident was discovered by cybersecurity expert Bob Diachenko of Security Discovery. According to his own statements, he managed to access the perpetrators' infrastructure and view extensive data sets there. These contained not only user names and passwords in plain text, but also information about the affected companies, such as industry, sales and number of employees.
According to other researchers, this is an exceptionally extensive operation. The attackers are said to have systematically searched the Internet for publicly accessible FortiGate logins and then carried out automated login attempts on a large scale. Specially developed software, able to process tens of thousands of connections at the same time, was apparently used for this purpose. According to the investigations, once a login succeeded, the perpetrators gained deeper insight into the affected networks. Among other things, central authentication systems such as Microsoft Active Directory were compromised. The security company Hudson Rock reported that the attackers also decrypted intercepted VPN connection credentials using a powerful GPU cluster. The methods used even improved themselves through successful hits, generating increasingly effective password combinations.
Serious consequences
In some cases the consequences are serious. According to the researchers, full network access has been demonstrated at several organizations in Asia and the Middle East. The case of a Turkish arms company with ties to NATO is particularly sensitive: confidential defense documents are said to have been stolen from its systems. The companies whose data appeared in the exposed database include Oracle, Lenovo, FedEx, Samsung, Siemens and Foxconn. Numerous state institutions are also said to be affected. Experts therefore warn of a significant risk and strongly advise all Fortinet customers to check their systems for signs of a break-in and to update their security measures immediately.
Alexia is an author at Research Snipers covering all technology news, including Google, Apple, Android, Xiaomi, Huawei and Samsung news, and more.