Threat Actors Push ‘Brutus’ Brute-Force Tool for Fortinet
According to recent dark web information, a threat actor going by the name “RedTeam” has started promoting a new brute-force attack tool called “Brutus,” intended to target Fortinet services.
The tool’s $1,500 price tag indicates that automated credential-stuffing attacks against enterprise infrastructure are becoming more popular.
Brutus is adaptable for attackers looking to penetrate a variety of systems because it is designed to attack numerous remote access protocols.
The tool’s support for SSH, RDP, VNC, and shell-based connections lets attackers target the remote access services commonly used in corporate settings.
For businesses that depend on Fortinet equipment for network protection, this multi-protocol approach greatly expands the attack surface.
Reconnaissance and target identification are streamlined by the tool’s integrated scanner, which automatically detects exposed or susceptible services.
Furthermore, Brutus allows attackers to conceal their origin and avoid network detection systems by supporting HTTP and SOCKS proxying with rotating proxies.
This obfuscation capability is essential for attackers looking to avoid triggering security alarms or IP-based blocking measures.
Brutus, which was created in Go, can be deployed on Windows, Linux, and macOS thanks to its cross-platform compatibility.
This language choice prioritizes performance and ease of compilation, which enables the tool to be quickly modified for various contexts.
The tool supports flexible credential management, accepting combo lists in various formats, such as separate IP, login, and password text files and URL:login:password combinations.
Brutus is notable for its on-the-fly combo-generating feature, which allows attackers to dynamically create credential variations during attacks.
This feature lessens the need for credential databases that have already been assembled. It increases the probability that systems with common password patterns will be successfully compromised.
Globally, Fortinet products are widely used in government and business networks. A specialized brute-force tool targeting these systems poses a serious risk, especially for companies with out-of-date Fortinet equipment or lax authentication rules, according to recent dark web intelligence observations.
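Because the rotating proxies described above spread attempts across many source addresses, a rule that counts failures per source IP can miss the activity while a rule that counts failures per targeted account still sees it. The Python below is an added example, not part of the original report: the log format, field names, thresholds and sample lines are constructed for illustration and do not represent any Fortinet log schema.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample data in a hypothetical "time service result user=... src=..." format.
SAMPLE_LOG = """\
2024-01-01T10:00:05 ssh FAIL user=admin src=198.51.100.10
2024-01-01T10:00:11 ssh FAIL user=admin src=203.0.113.7
2024-01-01T10:00:19 ssh FAIL user=admin src=192.0.2.44
2024-01-01T10:00:26 ssh FAIL user=admin src=198.51.100.83
2024-01-01T10:00:34 ssh FAIL user=admin src=203.0.113.150
2024-01-01T10:00:41 ssh FAIL user=admin src=192.0.2.201
2024-01-01T10:02:00 rdp FAIL user=jsmith src=192.0.2.15
2024-01-01T10:02:20 rdp OK user=jsmith src=192.0.2.15
"""
LINE_RE = re.compile(r"^(\S+) (\S+) (FAIL|OK) user=(\S+) src=(\S+)$")

def parse(log):
    """Return (timestamp, service, result, user, src) tuples for well-formed lines."""
    rows = [LINE_RE.match(l.strip()) for l in log.splitlines()]
    return [(datetime.fromisoformat(m[1]), m[2], m[3], m[4], m[5]) for m in rows if m]

def per_ip_alerts(events, threshold):
    """Per-source rule: IPs with at least `threshold` failed logins."""
    counts = defaultdict(int)
    for _, _, res, _, src in events:
        if res == "FAIL":
            counts[src] += 1
    return sorted(ip for ip, n in counts.items() if n >= threshold)

def per_account_alerts(events, window_s, min_fails, min_sources):
    """(service, user) pairs with a burst of failures from many distinct IPs."""
    fails = defaultdict(list)
    for ts, svc, res, user, src in events:
        if res == "FAIL":
            fails[(svc, user)].append((ts, src))
    alerts = []
    for key, items in fails.items():
        items.sort()
        start = 0
        for end in range(len(items)):
            # Slide the window start forward until the burst fits in window_s seconds.
            while (items[end][0] - items[start][0]).total_seconds() > window_s:
                start += 1
            burst = items[start:end + 1]
            if len(burst) >= min_fails and len({s for _, s in burst}) >= min_sources:
                alerts.append(key)
                break
    return sorted(alerts)
```

On the constructed sample, no single address reaches a per-IP threshold of five failures, while the per-account rule flags the `admin` account on SSH.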
