unit42 · Crawled Jul 5, 2026
Threat Brief: Mitigating Large-Scale Credential Attacks
AI Summary
Unit 42 has identified a large-scale password spraying and credential theft campaign dubbed 'FortiBleed' targeting Fortinet, Sophos, and MSSQL services. The threat actors use a curated password list derived from prior breaches and previously compromised credentials to conduct password spraying attacks, extract device configurations, and perform offline password cracking. An initial access broker has claimed responsibility on the Exploit[.]in forum, offering stolen credentials for sale. Palo Alto Networks recommends hardening remote access controls, enabling MFA, and monitoring for suspicious login patterns.
AI-extracted · verify before operational use
Indicators of Compromise (1 extracted)
| Type | Value |
|---|---|
| Domain | Exploit[.]in |