Hackers Leak Configuration Data and VPN Passwords of Over

24/68 Friday, January 17, 2025

A new hacker group known as the “Belsen Group” has leaked the network configuration data, IP addresses, and VPN credentials of over 15,000 FortiGate devices on the dark web to build its reputation. The leaked data, available for free, is 1.6 GB in size and includes folders containing critical configuration files, such as “configuration.conf” (system settings file) and “vpn-passwords.txt,” with some of the passwords in plain text. It also includes sensitive information such as private keys and the firewall rules used to protect systems.

According to cybersecurity expert Kevin Beaumont, the leaked data is linked to a zero-day vulnerability identified as CVE-2022-40684, which was exploited in 2022. This vulnerability allowed attackers to download configuration files from devices and create malicious admin accounts. German news outlet Heise reported that all affected devices were running FortiOS versions 7.0.0 to 7.0.6 and 7.2.0 to 7.2.2, which were vulnerable until patches were released on October 3, 2022.

Although the leaked data was collected in 2022, experts warn that organizations that have not updated their systems or changed their settings and passwords remain at risk. The leaked information could still be used to launch network attacks today. System administrators are urged to immediately review their FortiGate devices and change passwords to mitigate potential threats from widespread exploitation.

Source: https://www.bleepingcomputer.com/news/security/hackers-leak-configs-and-vpn-credentials-for-15-000-fortigate-devices/