FortiBleed Campaign Uses Custom Sniffers
Security firm SOCRadar has investigated the FortiBleed campaign, which targets Fortinet FortiGate devices. This large-scale cyberattack campaign utilizes custom sniffers to capture authentication data from compromised firewalls. The attackers aim to gain access to sensitive information by circumventing the security mechanisms of the devices. The campaign has intensified in recent months, affecting numerous companies worldwide. SOCRadar reports that the attackers are capable of infiltrating the firewalls and monitoring data streams.
This is achieved through the use of specially developed tools that intercept communication between the devices and users. A central element of the FortiBleed campaign is the use of custom sniffers specifically designed for FortiGate devices. These sniffers can extract login credentials and other confidential information while bypassing firewall monitoring. The attackers use this information to gain unauthorized access to networks. SOCRadar has also noted that the attackers employ various techniques to cover their tracks.
These include manipulating protocols and using encryption to make detection by security solutions more difficult. These tactics make it challenging for companies to detect and respond to the attacks in a timely manner. The security firm has advised companies to regularly update their FortiGate devices and ensure compliance with all security policies. Special attention should be paid to monitoring network traffic to identify suspicious activities early. Implementing additional security measures can help mitigate risks.
The FortiBleed campaign has already affected several high-profile companies, underscoring the urgency of implementing security precautions. SOCRadar has published a list of best practices that companies should follow to protect their systems. This includes training employees on handling phishing attacks and implementing multi-factor authentication. The threat posed by the FortiBleed campaign is not limited to large enterprises; small and medium-sized businesses are also at risk, as they often allocate fewer resources for IT security.
Attackers exploit these vulnerabilities to infiltrate networks and steal data. The security situation remains tense as attackers continuously adapt their methods and develop new techniques. SOCRadar warns that the FortiBleed campaign may only be the tip of the iceberg regarding cyberattacks on networks. Companies should prepare for an ongoing threat and adjust their security strategies accordingly. The vulnerability exploited by the FortiBleed campaign could potentially be addressed through future updates from Fortinet.
Fortinet has already announced that they are working on solutions to close the security vulnerabilities. However, a specific date for the release of these updates is still pending. SOCRadar has classified the campaign as one of the biggest threats to network security in 2026. The security firm recommends that companies take proactive measures to protect their systems and prepare for potential attacks.