Tsar Nicholas I once stated that the three pillars of Russian identity are Orthodoxy, Autocracy and Nationalism. In many ways these are also the pillars of #Putinism. The USSR replaced nationalism with communism and orthodoxy with atheism but Autocracy has always been a pillar.
‼️🚨 BREAKING: 320,000 Fortinet firewall devices have been targeted in a campaign that has been dubbed 'FortiBleed'. Attackers were able to confirm 75,000 working credentials against the admin and SSL VPN interfaces.
The victims include really big names like Samsung, Oracle, Spotify, Sony, and more.
The data was first surfaced by researcher Volodymyr "Bob" Diachenko and analyzed by Hudson Rock and SOCRadar. The operation runs as a self-feeding loop. Attackers scan the internet for exposed Fortinet devices, then test each one against a curated list of passwords leaked from earlier Fortinet breaches and infostealer logs. Every successful login gets recorded into a verified database. They then turn each compromised box into a listening post, sniffing the traffic passing through the firewall to harvest fresh credentials, which go straight back into the scanner.
The scale is large. The group ran an estimated 1.16 billion credential attempts against more than 320,000 FortiGate targets, plus 2.1 billion brute-force tries against 160,000 MSSQL servers. In the deeper intrusions they intercept SSL VPN authentication hashes, crack them on a dedicated 45-GPU cluster, and move into internal Active Directory.
Diachenko confirmed full network compromises in Japan, Taiwan, Vietnam, Iraq, and Turkey, including a Turkish NATO defense contractor that had classified defense documents stolen.
If you run Fortinet, act now: rotate every VPN and admin credential, enforce MFA on all external gateways, restrict management access to approved sources, segment internal networks, and audit gateway logs for unusual logins. Hudson Rock has a free domain lookup at https://t.co/KLv2YiMtpm.
Data surfaced via the Hunt Intelligence, Inc. feed.
@siranspringer Tbf, this is funny but it's the same situation when my wife leaves a basket of clothes on the stairs for me to take up. I have absolutely no recollection of ever walking past it. Each and every time...
@DownloadFest Will you be showing world cup games in the village? Scotland on at 2am and if not I'll be chinning GNR... Cmon, let the Scots know either way!
@AmmoniteElectr1@JamesMelville People like you are the real fucking idiots. Yeah let's wait until there is no supply to fill the car up? People have the right to think 2 moves down the line. There will be shortages on diesel in the next few weeks and the war will not be ending anytime soon.
🚨 Vect ransomware has partnered with #TeamPCP, the group behind the Trivy, Checkmarx, LiteLLM & Telnyx supply chain compromises.
The next phase looks like monetization: turning TeamPCP’s estimated ~300 GB credential haul into ransomware deployments. A first confirmed Vect deployment using TeamPCP-sourced creds has already been reported.
We spotted a Vect Linux/ESXi sample with our threat hunting YARA rules while AV detection on VirusTotal was still minimal.
5 YARA rule hits
⚡ SUSP_RANSOM_Indicators_Sep24_1
⚡ SUSP_SCRIPT_FlushIptables_Sep21
⚡ SUSP_RANSOM_ESX_Indicators_Feb23_1
⚡ SUSP_LNX_RANSOM_Ransomware_Indicators_Sep22_1
⚡ SUSP_LOL_ESXi_Commands_Oct24
At the time of analysis, VirusTotal showed only 2 detections for the sample. Our hunting rules still caught it. 🎯
Samples
https://t.co/2iRsOIMpus
https://t.co/5StCd9n8vT
How to scan VMware ESXi systems with THOR / THOR Thunderstorm
https://t.co/2v8QsQB0WE
https://t.co/y7wIXKryc0
Reference
https://t.co/hCKAaJSmSi
Chat, look what images just appeared ON THE DARK WEB (Telegram, where all crime happens on the internet apparently). ShinyHunters posted it.
Is this actual stuff from the alleged Cisco data compromise as a result of the Trivy supply chain attack? Are these images unrelated? How sensitive is this data? How is ShinyHunters involved with TeamPCP? Is this even real?
Find out on the next action packed episode of Dragon Ball Z
@AureliusRauno@ThreshedThought Yeah but you dont risk nuclear war and definite invasion of your homeland to capture Estonia. There is countries that sit on strategically important locations, resources. (Iran, Taiwan, Egypt, Panama) Sorry Estonia isnt one of them.
@_JohnHammond Thanks to some amazing vendors in this space, the poisoned packets tend to be only up for sometimes 2-3hrs which limits the impact significantly.
@AureliusRauno@ThreshedThought Baltic sea ports would be useless if you were at war with NATO, you wouldn't be able to transit through hostile waters. Geographical defence of Estonia wouldnt be all that important either if you faced invasion from Finland in the north, and Poland in the west.
@ThreshedThought I guess the one caveat is Russia is also weak.. Estonia offers them nothing strategically and brings them to war with Europe which directly threatens not only their position in Ukraine but risks greater impact domestically. Taiwan however...
@IntCyberDigest Maybe this is true. But big orgs with CTI teams looking at this can't judge the reliability of the information based on you as a single source of truth. Where is your information coming from?