FortiBleed update: attackers cracked Fortinet passwords on rented AI GPUs

Kevin Beaumont says the crew behind FortiBleed rented 36 enterprise GPUs from a generative-AI cloud to crack stolen firewall configs, and that victim devices were actively tampered with, not just catalogued.

Security researcher Kevin Beaumont has published a detailed follow-up on FortiBleed, the campaign that produced working credentials for tens of thousands of internet-facing Fortinet firewalls, and the new reporting reframes both how it was done and how far the attackers got.

The most distinctive detail concerns the cracking. Based on attack infrastructure the operators accidentally left exposed in an open web directory, Beaumont says they rented 36 enterprise-class GPUs from a company that sells generative-AI compute, and used that hardware not for AI workloads but to crack the password hashes pulled from stolen Fortinet configuration files. A few years ago, assembling that kind of cracking cluster meant racks, hosting providers and setup time. Now, he notes, it takes a credit card and an hourly rental, which has quietly made large-scale password cracking cheap and fast.

The mechanics, as he describes them: the attacker scanned the internet for FortiGate devices, logged in, exported the full device configuration, then cracked the stored credential hashes offline to recover plaintext passwords for every user on the box. The recovered logins are being sold on forums as Fortinet VPN credentials to enable follow-on breaches. How the initial logins happened is still not certain; Beaumont points to prior unpatched vulnerabilities or pre-existing backdoor admin accounts as the likely routes.

He also disputes Fortinet's public explanation. The company told media the leaked data came from prior breaches and brute-forcing; Beaumont says that is not the full story, because the set includes freshly cracked passwords from this month's config dumps, not just recycled old credentials.

That config dumping is visible to defenders. Beaumont reports that every organisation he helped was a listed FortiBleed victim and had its configuration exported within the past month, and that the activity shows up in FortiOS logs under System and Events when filtering for configuration messages, listing a mix of administrator and REST API accounts. He has published the source IPs seen pulling configs, one of which sits inside Fortinet's own network range, something he says he cannot explain.

Why it matters

This was not a passive credential leak. In the cases Beaumont worked, attackers logged into legitimate staff accounts, ran automated config exports seconds after logging in, created new admin accounts, added firewall rules opening SSH and RDP to selected addresses, and logged into IPsec VPN tunnels. CloudSEK's analysis found at least one live VPN configuration pointing into a victim network, and direct evidence of access to internal Active Directory at a number of companies, the standard groundwork for ransomware and extortion. The operators appear to have focused on telecoms and managed service providers, whose FortiGate devices are a path into many downstream customer networks.
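The log review described above (configuration messages under System and Events) and the post-login behaviours listed here can be turned into a small triage script. This is an added example, not code from Beaumont or Fortinet: the log lines are constructed in FortiOS-style key=value syntax, and the field names (`logdesc`, `cfgpath`, `cfgobj`, `action`, `ui`) are assumed for illustration rather than taken from a real device. It flags a config export within seconds of an admin login, creation of a new admin account, and a new firewall policy that exposes SSH or RDP.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in FortiOS-style key=value syntax. Field names and
# values are assumed for illustration, not copied from a real FortiGate.
SAMPLE_LOGS = """\
date=2026-02-03 time=09:14:02 type="event" subtype="system" logdesc="Admin login successful" user="jsmith" ui="https(203.0.113.7)"
date=2026-02-03 time=09:14:05 type="event" subtype="system" logdesc="Configuration backup" user="jsmith" ui="https(203.0.113.7)"
date=2026-02-03 time=09:16:40 type="event" subtype="system" logdesc="Object configured" user="jsmith" cfgpath="system.admin" cfgobj="support2" action="Add"
date=2026-02-03 time=09:17:10 type="event" subtype="system" logdesc="Object configured" user="jsmith" cfgpath="firewall.policy" cfgobj="101" action="Add" msg="service SSH RDP dstaddr all"
date=2026-02-03 time=11:02:00 type="event" subtype="system" logdesc="Admin login successful" user="ops" ui="https(198.51.100.5)"
date=2026-02-03 time=11:30:00 type="event" subtype="system" logdesc="Configuration backup" user="ops" ui="https(198.51.100.5)"
"""

KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_line(line):
    """Turn one key=value log line into a dict, with surrounding quotes stripped."""
    rec = {k: v.strip('"') for k, v in KV.findall(line)}
    rec["ts"] = datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")
    return rec

def analyze(text, window=timedelta(seconds=60)):
    """Return (indicator, user, detail) findings for the three behaviours described above."""
    findings = []
    last_login = {}  # user -> timestamp of that user's most recent successful admin login
    for line in text.splitlines():
        rec = parse_line(line)
        user, desc = rec.get("user", "?"), rec.get("logdesc", "")
        if desc == "Admin login successful":
            last_login[user] = rec["ts"]
        elif desc == "Configuration backup":
            # A full config export seconds after login matches the automated dump pattern.
            if user in last_login and rec["ts"] - last_login[user] <= window:
                findings.append(("rapid_config_export", user, rec.get("ui", "")))
        elif rec.get("cfgpath") == "system.admin" and rec.get("action") == "Add":
            findings.append(("new_admin_account", user, rec.get("cfgobj", "")))
        elif rec.get("cfgpath") == "firewall.policy" and rec.get("action") == "Add":
            svc = rec.get("msg", "").upper()
            if "SSH" in svc or "RDP" in svc:
                findings.append(("policy_exposes_ssh_rdp", user, rec.get("cfgobj", "")))
    return findings

if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOGS):
        print(*finding)
```

The `ops` user's export half an hour after login is not flagged, so the time window is what separates routine backups from the scripted dump; tune it to your own change history.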

CloudSEK assesses roughly a thousand organisations were definitely compromised internally, while Beaumont stresses that logins, config exports and cracking happened across tens of thousands of devices, with those credentials now for sale. A thousand confirmed internal breaches is, on its own, a serious problem.

The broader point is a gap. While much of the industry debates frontier AI risk, tens of thousands of organisations still run internet-facing VPN firewalls without multi-factor authentication, and the people breaking in look less like a state actor than a financially motivated crew. Many reused credentials trace to a specific Russian ransomware group, but the sloppy operational security points to eCrime rather than espionage.

What to watch

For Fortinet operators, the actions track the alerts from CISA and the Canadian Centre for Cyber Security. Check whether your devices appear on the public victim lists researchers have published; if so, treat the box as compromised. Beaumont's guidance for a compromised device is to take it offline and rebuild it, or failing that, remove all admin accounts and recreate per-user accounts with MFA, move to current firmware (retire it if end of life), inspect firewall rules and system logs for changes, and rotate IPsec site-to-site keys and certificates at both ends.

The open thread is the initial access vector. Until researchers pin down how the configurations were first exfiltrated, the safer assumption for any internet-facing FortiGate is that its credentials may already be in criminal hands.



International Cyber Digest
