More Than a Leak: What SpyCloud Found Inside the FortiBleed Threat Actor Infrastructure

SpyCloud’s investigation reveals that the FortiBleed threat actor operated a sophisticated, AI-enhanced, multi-server infrastructure to indiscriminately brute-force and monetize access to tens of thousands of internet-facing devices—including Fortinet firewalls, Synology NAS, Sophos firewalls, and MSSQL servers—culminating in the exfiltration of sensitive military data and the sale of network access on underground forums.