The leak, described as the Belsen Group’s first major operation, includes sensitive configuration files, plaintext VPN credentials, usernames, private keys, and firewall rules. The data is organised by country, with subdirectories for each device’s IP address. Cybersecurity researcher Kevin Beaumont verified the authenticity of the data, linking it to a zero-day vulnerability, CVE-2022-40684, which was actively exploited in October 2022. This vulnerability allowed attackers to download configuration files and create unauthorised super admin accounts.
Although Fortinet addressed the vulnerability in 2022, the leaked data remains sensitive. If organisations failed to update their credentials and firewall configurations, the exposed information could still be exploited. Beaumont urged organisations using FortiGate devices to assess their security and determine if they were impacted. This incident highlights ongoing cybersecurity challenges and follows a similar 2021 breach involving nearly 500,000 Fortinet VPN credentials.
Source: Tech Monitor
The European Cyber Intelligence Foundation is a nonprofit think tank specializing in intelligence and cybersecurity, offering consultancy services to government entities. To mitigate potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA, or you can try yourself using