The renowned American cybersecurity company Fortinet has fallen victim to a major data leak as a result of a zero-day vulnerability attack dating back to 2022.
A new cybercriminal gang known as the “Belsen Group” was responsible for leaking Fortinet’s stolen data for free on the dark web.
This data consisted of configuration files, IP addresses, and VPN credentials for more than 15k FortiGate devices.
Sensitive technical information of thousands of people has now been exposed to other hackers too, all for the price of zero.
This new hacking group was first noticed this month on social media and cybercrime forums, according to Bleeping Computer.
Free Access to Leaked Fortinet Data
To promote themselves and market their hacking capabilities, the Belsen Group set up a Tor website specifically to publish the stolen FortiGate data for free.
The cybercriminal gang’s hacking forum post stated:
“At the beginning of the year, and as a positive start for us, and in order to solidify the name of our group in your memory, we are proud to announce our first official operation: Will be published of sensitive data from over 15,000 targets worldwide (both governmental and private sectors) that have been hacked and their data extracted.”
“And the biggest surprise: All this sensitive and crucial data is FREE, offered to you as a gift from the Belsen Group,” the group added emphatically.
The leaked Fortinet data, available for free, includes at least a 1.6 GB archive with folders organised by country.
Each country folder has subfolders for each FortiGate’s IP address in that country, according to Bleeping Computer.
Leaked Data Dump Reveals Firewall Rules
Kevin Beaumont, a cybersecurity expert, said in a blog post that the data dump specifically contains usernames, passwords (some in plain text), device management digital certificates, and all firewall rules.
“The data appears to have been assembled in October 2022, as a zero-day vuln,” Beaumont said. “For some reason, the data dump of config has been released today, just over two years later.”
The cybersecurity expert plans to roll out a list of in-scope IPs to help organisations check if they have been impacted by the Fortinet leak.
He also recommended individuals ensure they have patched for the 2022 zero-day vulnerability.
“If you are in scope, may need to change device credentials and assess the risk of firewall rules being publicly available,” Beaumont added.