A large-scale campaign dubbed ‘FortiBleed’, attributed to Russian-speaking threat actors, has compromised over 86,000 internet-facing Fortinet FortiGate devices. CISA has issued an urgent advisory urging organisations to take immediate protective action. The scale of the compromise and state-linked attribution make this a significant threat to enterprise and government networks globally.

Security Architect’s Take: Immediately audit all internet-exposed FortiGate appliances, apply the latest firmware patches, and review management interface access — restricting it to trusted IP ranges or a private network. Check device logs and SSL-VPN session records for indicators of compromise, and consider isolating affected devices pending forensic review.

Original advisory: CISA Warns Fortinet Customers as FortiBleed Hits 86,644 FortiGate Devices