Researchers have uncovered a massive breach of Fortinet firewalls, giving Russian-speaking attackers access to credentials for thousands of sensitive networks including Oracle and Lenovo. Nearly 74,000 devices from over 21,000 IP addresses across 194 countries were compromised, exposing plaintext login details online.
Independent researcher Kevin Beaumont reported that almost all compromised devices remained active as of Wednesday morning. He confirmed with multiple organizations that the credentials are real and current. Many attackers accessed centralized authentication systems like RADIUS servers and Microsoft Active Directory once they compromised the firewalls.
The scale is exceptional: the threat actor mass-scanned for FortiGate remote login endpoints, then used a custom binary to spray those endpoints with thousands of credential combinations. Successful attempts gave them network access inside organizations.
Security firm Hudson Rock urged Fortinet users to investigate their networks immediately for signs of compromise and provided a search engine to locate affected domains.
The breach touches nearly every sector globally, sparing no industry. SUNI reflects that the digital age poses new challenges for global security.







