At least 270 Belgian organisations have been impacted by a Russian cyberattack targeting firewall manufacturer Fortinet, cybersecurity firm Secutec warned on Monday.
The victims include local authorities, law firms, and schools, with the infiltration still ongoing.
According to Secutec, the operation — linked to a Russian cybercrime group — was characterised by an unprecedented level of organisation and scale.
The attack, which started back in February, exploited Fortinet’s partner portal, enabling hackers to steal login credentials from tens of thousands of IT service providers. These credentials allowed attackers to penetrate not just one organisation, but entire networks of client systems.
The hackers used “brute force” methods to access accounts, testing vast numbers of username and password combinations.
Once inside, they installed spyware to exfiltrate sensitive information. The stolen data is reportedly being used for extortion or sold on the dark web. “Several organisations worldwide have suffered major data breaches,” said Geert Baudewijns, CEO of Secutec.
Secutec revealed that 110 firewalls from affected Belgian organisations remain accessible via intercepted credentials. In at least 45 systems, hackers have created new accounts to retain access, with plans to sell these access points on the dark web.
Dubbed “FortiBleed,” the cyberattack is among the largest incidents ever targeting a security solutions provider. More than 110 million login credentials have been stolen, compromising over 75,000 firewalls globally. The attack is ongoing, with new systems being infiltrated daily.
Belgium’s cybersecurity authority, the Centre for Cybersecurity Belgium (CCB), has been informed. Secutec and SOCRadar are urging organisations using Fortinet solutions to update their systems, enable multi-factor authentication, and review user access controls.
“A single weak link can grant simultaneous access to hundreds of organisations,” warned Secutec.
