Russian Hackers Compromise 270 Belgian Companies

Russian hackers compromised at least 270 Belgian companies and organizations during a large-scale cyberattack ^[1].

The breach highlights critical vulnerabilities in widespread security infrastructure and the prolonged risk to organizations that fail to rotate credentials after a leak.

According to reports, the attackers targeted entities located in Belgium by exploiting a vulnerability in security products provided by Fortinet ^[2]. This leak allowed the hackers to obtain sensitive login credentials, granting them unauthorized access to corporate networks ^[2].

The campaign began in early 2024 ^[1]. While the attack occurred months ago, the security failure persists for many victims. Data indicates that the login credentials for more than 100 of the affected companies remain publicly available ^[1].

Geert Baudewijns, the CEO of Secutec, said the breach reached this scale ^[1]. The incident underscores a systemic failure in how some organizations respond to known security vulnerabilities, often leaving the door open for attackers long after the initial entry point is identified.

Fortinet products are used globally to secure network traffic and manage access. When a vulnerability in such a tool is exploited, it can create a domino effect, compromising every organization that relies on that specific software version without applying immediate patches ^[2].

The persistence of the exposed credentials suggests that many of the 270 hit organizations have not yet secured their systems. This leaves them vulnerable to further incursions or data theft by other threat actors who may find the leaked information online ^[1].