Back Issues This Week → Calendar → Current Issue → Popular →

All issuesVolume 339, Issue 4IT Vendor NewsPalo Alto Networks

Threat Brief: Mitigating Large-Scale Credential Attacks

Palo Alto Networks, Friday, June 26th, 2026

Unit 42 details a large-scale credential-theft campaign hitting internet-exposed Fortinet, Sophos, and MSSQL devices.

Unit 42 reported a large-scale credential theft campaign targeting Fortinet, Sophos, and MSSQL devices exposed to the internet.

Attackers used password spraying with curated lists from prior breaches, then extracted configuration files containing additional credentials for offline cracking and future attacks.

The group established persistent administrative access through a multi-stage process, and an initial access broker claimed responsibility on Russian cybercrime forums on June 16, 2026.

Palo Alto Networks recommends MFA, zero trust architecture, and privileged access management to defend against the activity.

more →  ·  More from Palo Alto Networks →