The VPN access data and complete configuration files of thousands of Fortinet appliances have surfaced on the darknet.
According to Heise, a previously unknown attacker group named Belsen Group is giving the details away for free on BreachForums.
All of the impacted FortiGate firewalls — most of which are in Mexico, the U.S., and Germany — were running FortiOS versions prior to version 7.2.2, which was unveiled in October 2022, while many of the exposed IPs belonged to leading internet service providers.
“As many as 80 different device types can be found in the data leak, with the FortiGate Firewall 40F and 60F being the most widespread,” researchers from Heise Security said. “There are also WLAN gateways and devices for installation in the server rack as well as compact devices for the desk or broom cupboard.”
Written by
Dan Raywood
Senior Editor
SC Media UK