Details Of Over 15,000 FortiGate Devices Leaked Online, So Be On Your Guard

Newly established Belsen Group is leaking a 1.6GB archive
It contains IP addresses, passwords, and more, reportedly from FortiGate devices
The data was pulled two years ago, using a zero-day

Sensitive information on more than 15,000 FortiGate devices has leaked online after a new threat actor, calling themselves “Belsen Group”, posted the archive on a dark web forum in an attempt to promote their operation and make a name for themselves.

The group says the data includes IP addresses, passwords, and configurations, and to make analysis easier, it categorized the targets by country names.

“At the beginning of the year, and as a positive start for us, and in order to solidify the name of our group in your memory, we are proud to announce our first official operation,” the thread on the forum reads.

Authentic, but old, data

As part of its data leak effort, the group set up a dedicated Tor site, as the archive is 1.6GB large.

“Will be published of sensitive data from over 15,000 targets worldwide (both governmental and private sectors) that have been hacked and their data extracted,” it noted.

“And the biggest surprise: All this sensitive and crucial data is absolutely free, offered to you as a gift from the Belsen Group.”

Multiple security analysts confirmed the data breach is actually two years old, but was never released to the public.

The data was pulled by abusing CVE-2022–40684, while it was still a zero-day flaw. It affected FortiOS 7.0.0-7.0.6, and 7.2.0-7.2.2.

“I’ve done incident response on one device at a victim org, and exploitation was indeed via CVE-2022–40684 based on artefacts on the device,” one of the researchers, Kevin Beaumont, said in a blog post. “I’ve also been able to verify the usernames and password seen in the dump matches the details on the device.”

“The data appears to have been assembled in October 2022, as a zero day vuln. For some reason, the data dump of config has been released today, just over 2 years later.”

Via BleepingComputer

What's Hot

Home Secretary statement on Southport: 20 January 2025

‘Big Brother’ Coin Unveiled To Pay Tribute To George Orwell

Angela Deem reveals the real reason Michael Ilesanmi won’t return to the franchise as she tries to get him fired

Details of over 15,000 FortiGate devices leaked online, so be on your guard

Windsurf Wave 2 now memorizes your preferred coding styles for its suggestion

Was the whole TikTok drama a bait-and-switch to make Trump look good?

Norton Identity Advisor Plus: Everything You Need To Know – Review 2025

Trump boasts about saving TikTok at DC rally day before inauguration: ‘We’re going to make a lot of money’

TikTok influencers in panic as app finally goes dark in the US

Lifetime subscription to FastestVPN Pro (15 devices) drops to its lowest price

What's Hot

Details of over 15,000 FortiGate devices leaked online, so be on your guard

Authentic, but old, data

You might also like

Related Posts