HeadlinesBriefing.com

Fortinet Firewall Breach Exposes Thousands of Network Credentials

Ars Technica

Security researchers at Hudson Rock discovered a large database of credentials for thousands of sensitive networks, including government agencies and critical infrastructure providers. The operation hinged on intercepted SSL VPN authentication hashes, which the attackers cracked on a 45-GPU cluster orchestrated with Hashtopolis, a distributed front end for hashcat. In at least one case the cracked credentials were used to compromise a Turkish NATO defense contractor and exfiltrate classified defense documents, and the researchers found evidence of full network compromises in multiple countries.

The operation employed a feedback-driven, 12-level recursive cracking pipeline that went well beyond a single dictionary pass. Candidates were built from custom dictionaries, combinations of up to eight words, common keyboard patterns, and mangling rules. Every password that cracked was fed back as a seed for the next level, so each round's candidate set was shaped by what had already worked. Credentials recovered this way gave the threat actors VPN access, from which they moved laterally and went on to breach Active Directory environments.
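The following toy is an added illustration of the loop described above; it is not code from the Ars Technica report or from Hudson Rock's research, and it does not reproduce the real pipeline. The dictionary, the suffix rules, the sample passwords and the cap of 12 levels are constructed for the demo, and the targets are unsalted SHA-256 digests rather than FortiGate's actual credential format. It runs single-process in Python, where the real operation distributed hashcat jobs across GPUs with Hashtopolis; what it keeps is the structure: rules over an initial seed set, multi-word concatenation, and every crack at level N becoming a seed at level N+1 until a level yields nothing new.

```python
"""Toy feedback-driven, multi-level password cracking loop (added example).

Not the Hudson Rock / Ars Technica material. Hashes are unsalted SHA-256 of
constructed sample passwords; the dictionary and rules are invented.
"""
import hashlib
from typing import Dict, Iterable, List, Set, Tuple

# Constructed inputs for the demo (assumptions, not data from the article).
BASE_DICTIONARY: List[str] = ["summer", "winter", "password"]
KEYBOARD_PATTERNS: List[str] = ["qwerty", "1q2w3e"]
SUFFIXES: Tuple[str, ...] = ("1", "123", "2023", "2024", "!", "2024!")

# Constructed sample passwords. Only their hashes are given to the cracker;
# the plaintexts are listed so the run is reproducible.
SAMPLE_PLAINTEXTS: List[str] = [
    "summer",                   # plain dictionary word        -> level 0
    "Summer2024!",              # dictionary word + rules      -> level 0
    "qwerty123",                # keyboard pattern + rule      -> level 0
    "Summer2024!Summer2024!",   # level-0 crack joined to itself -> level 1
    "qwerty123winter",          # level-0 crack + dictionary word -> level 1
    "Summer2024!Summer2024!1",  # rule applied to a level-1 crack -> level 2
    "Tr0ub4dor&3",              # never reached by this toy pipeline
]


def sha256_hex(pw: str) -> str:
    """Stand-in for the real hash format: unsalted SHA-256, hex encoded."""
    return hashlib.sha256(pw.encode("utf-8")).hexdigest()


SAMPLE_HASHES: Set[str] = {sha256_hex(p) for p in SAMPLE_PLAINTEXTS}


def apply_rules(seed: str) -> Set[str]:
    """Mangling rules: case variants of the seed, then a suffix on each variant."""
    variants = {seed, seed.capitalize(), seed.upper()}
    out = set(variants)
    for base in variants:
        for suffix in SUFFIXES:
            out.add(base + suffix)
    return out


def generate_candidates(seeds: Iterable[str], dictionary: Iterable[str]) -> Set[str]:
    """Rules over every seed, plus two-word candidates made by joining a seed
    with another seed or a dictionary word in either order."""
    seeds = list(seeds)
    pool = set(seeds) | set(dictionary)
    out: Set[str] = set()
    for s in seeds:
        out |= apply_rules(s)
    for a in seeds:
        for b in pool:
            out.add(a + b)
            out.add(b + a)
    return out


def feedback_crack(hashes: Set[str], dictionary: List[str],
                   max_levels: int = 12) -> Dict[str, Tuple[str, int]]:
    """Level 0 seeds are the dictionary; afterwards the seeds are exactly the
    plaintexts cracked in the previous level. Stops when a level cracks nothing
    or when max_levels is reached. Returns {hash: (plaintext, level)}."""
    uncracked = set(hashes)
    cracked: Dict[str, Tuple[str, int]] = {}
    seeds: List[str] = list(dictionary)
    for level in range(max_levels):
        newly: List[str] = []
        for cand in generate_candidates(seeds, dictionary):
            digest = sha256_hex(cand)
            if digest in uncracked:
                uncracked.discard(digest)
                cracked[digest] = (cand, level)
                newly.append(cand)
        if not newly:
            break          # feedback exhausted: nothing new to seed the next level
        seeds = newly      # successful guesses become the next level's seeds
    return cracked


def levels_by_plaintext(cracked: Dict[str, Tuple[str, int]]) -> Dict[str, int]:
    """Convenience view: plaintext -> level at which it fell."""
    return {pw: lvl for pw, lvl in cracked.values()}


if __name__ == "__main__":
    result = feedback_crack(SAMPLE_HASHES, BASE_DICTIONARY + KEYBOARD_PATTERNS)
    for pw, lvl in sorted(levels_by_plaintext(result).items(), key=lambda kv: kv[1]):
        print(f"level {lvl}: {pw}")
    print(f"{len(SAMPLE_HASHES) - len(result)} hash(es) uncracked")
```

The point of the feedback step shows up in the last two levels: "Summer2024!Summer2024!" and "qwerty123winter" are unreachable from the dictionary alone, and "Summer2024!Summer2024!1" is unreachable until the level-1 crack exists to be mangled. Defensively, the same logic explains why a password built from common words plus a predictable suffix, or from an already-leaked password, is not protected by length alone.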

Compromised devices appeared most frequently in India, the US, Taiwan, Mexico, Turkey, and Thailand. The hardest-hit industries were IT services, telecommunications, and financial services. Major organizations including Foxconn, Samsung, Comcast, and Siemens appeared in the database alongside unnamed government agencies. The researchers also noted that the attackers left artifacts behind on their own server, an operational-security lapse at odds with the sophistication of their cracking pipeline.

Fortinet firewall users face immediate risk because the exposed data has already circulated among cybercriminals. The incident is a reminder that perimeter devices remain prime targets: a single cracked VPN credential can grant a foothold from which resources deep inside the protected network are reachable. Organizations running affected devices should treat any password-only VPN credential that passed through them as potentially compromised, rotate those passwords (and any reused elsewhere), enforce multi-factor authentication on VPN logins, audit their firewall configurations, and review authentication logs for access from unfamiliar sources.