Rabat — Morocco’s General Directorate for Information Systems Security (DGSSI) has issued a warning over a large-scale data breach affecting Fortinet security devices, exposing sensitive credentials linked to tens of thousands of systems worldwide, including several belonging to Moroccan organizations.
In an alert released on June 18, the cybersecurity authority said the incident, dubbed “FortiBleed,” targets internet-facing FortiGate firewalls and SSL VPN gateways. The breach reportedly exposed administrator credentials and VPN access information that remain valid for nearly 75,000 devices globally.
According to the DGSSI, several Moroccan entities are among those affected, raising concerns over potential unauthorized access to critical networks and sensitive information.
The agency explained that attackers were able to obtain the credentials by extracting configuration files from internet-connected FortiGate devices and cracking password hashes offline. Once in possession of these credentials, cybercriminals could gain direct access to internal networks through VPN connections, compromise Active Directory environments, take control of organizational infrastructure, deploy ransomware, or steal confidential data.
In response, the DGSSI urged organizations to promptly determine whether their systems were impacted using available verification tools. The agency also called for the immediate reset of all administrator and VPN passwords, stressing the importance of strengthening access controls following the breach.
Among its recommendations, the DGSSI advised organizations to enable multi-factor authentication (MFA) across all accounts, restrict internet access to administrative interfaces, and thoroughly review connection logs for signs of suspicious activity or unauthorized access attempts.
The cybersecurity authority further emphasized the need to update systems to the latest versions of FortiOS. It also recommended requiring all administrators to log in so that their password hashes can be migrated to the more secure PBKDF2 standard. Where automatic migration is not feasible, administrators should manually reset passwords through a “super_admin” account.
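Why migration depends on a login can be shown with a short sketch: a stored hash cannot be converted directly, so the system re-hashes the password at the one moment it sees the plaintext. This is an added example, not code from the DGSSI alert or from Fortinet; the legacy scheme (one salted SHA-256 pass), the iteration count, and all function and account names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 200_000  # assumed work factor for this sketch


def legacy_hash(password, salt):
    # Assumed legacy scheme: a single salted SHA-256 pass, cheap to guess offline.
    return hashlib.sha256(salt + password.encode()).digest()


def pbkdf2_hash(password, salt):
    # PBKDF2-HMAC-SHA256: every offline guess costs PBKDF2_ITERATIONS HMAC rounds.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def new_record(password, scheme="pbkdf2"):
    salt = os.urandom(16)
    fn = legacy_hash if scheme == "legacy" else pbkdf2_hash
    return {"scheme": scheme, "salt": salt, "hash": fn(password, salt)}


def login(store, user, password):
    """Verify a password and upgrade a legacy record on success."""
    rec = store.get(user)
    if rec is None:
        return False
    fn = legacy_hash if rec["scheme"] == "legacy" else pbkdf2_hash
    if not hmac.compare_digest(fn(password, rec["salt"]), rec["hash"]):
        return False
    if rec["scheme"] == "legacy":
        # The plaintext is only available at this moment, so re-hash it now.
        store[user] = new_record(password)
    return True


def accounts_needing_reset(store):
    # Accounts that never logged in still hold the weak hash and need a manual reset.
    return sorted(u for u, r in store.items() if r["scheme"] == "legacy")


def manual_reset(store, user, new_password):
    # Hypothetical privileged reset: replaces the record without the old password.
    store[user] = new_record(new_password)
```

Accounts that stay on the legacy scheme after the upgrade window are the ones the manual reset path is meant for.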
The alert comes as cybersecurity agencies worldwide continue to warn organizations about the growing risks associated with exposed network infrastructure and credential-based attacks, particularly following large-scale data leaks involving critical security appliances.








