Fortinet officially acknowledges leaked FortiGate configurations stolen during a 2022 zero-day attack by the Belsen Group. The leaked data includes sensitive information like IP addresses, configurations, and passwords. While Fortinet emphasizes that most affected devices have been patched, users are urged to review security practices and potential vulnerabilities.
Fortinet has officially confirmed that previously analyzed records leaked by the Belsen Group are indeed authentic FortiGate configurations stolen during a zero-day attack in 2022. The leaked data encompasses a range of sensitive information, including IP addresses, configurations (including firewall rules), and passwords, some of which were found in plain text, according to Kevin Beaumont, an infosec researcher who first reported on Belsen's data dump.
Beaumont further revealed that the leak seemingly contained files related to approximately 15,000 Fortinet devices, categorized by their country of origin. While the vendor refrained from commenting on the extent of the incident, it stated that the Belsen Group – named after the Bergen-Belsen concentration camp, providing a chilling glimpse into the group's character – falsely presented the leak as a brand-new exploit when, in reality, the data was acquired years earlier and only recently released this week.Information regarding this new group remains scarce. It appears to have emerged only this month, according to its registration details on the cybercrime forum where Fortinet's data was leaked. Its account's only post pertains to the 2022 Fortinet data leak. It is uncertain whether this is a fresh player in the growing roster of major cybercrime groups or a fleeting phenomenon. Beaumont's in-depth analysis revealed that the majority of victims were small and medium-sized businesses, with a smaller number of larger organizations and a handful of unidentified government entities. Interestingly, he noted the absence of any configuration dumps from Iran, despite Shodan revealing nearly two thousand devices with exposed management interfaces or SSL VPNs. The reasons behind these countries' exclusion from the released data remain unclear.Despite this, Beaumont urged customers to remain vigilant against possible exploitation, even if they applied patches back in 2022. If patches were implemented after October 2022, when CVE-2022–40684 was exploited as a zero-day vulnerability, there is still a chance their configurations could have been compromised. Fortinet's response was more measured, affirming that the majority of devices affected by the vulnerability have since been patched. 'If your organization has consistently adhered to routine best practices in regularly refreshing security credentials and taken the recommended actions in the preceding years, the risk of the organization's current config or credential detail in the threat actor's disclosure is small,' it stated. 'We continue to strongly recommend that organizations take the recommended actions, if they have not already, to improve their security posture.' Fortinet further emphasized that devices purchased since December 2022 or those running FortiOS 7.2.2 or above are not impacted by the disclosed information. For users who were running an affected version (7.0.6 and lower or 7.2.1 and lower) prior to November 2022 and had not taken the recommended actions, Fortinet strongly advised reviewing these actions to fortify their security posture.
FORTINET ZERODAY DATA BREACH CYBERSECURITY FORTIGATE BELSEN GROUP
United Kingdom Latest News, United Kingdom Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
Fortinet Firewalls Targeted in Mass Exploitation CampaignSecurity researchers have uncovered a significant campaign targeting Fortinet firewalls that may be exploiting an unknown zero-day vulnerability. The attackers gained access to devices, modified configurations, and used SSL VPN tunnels to maintain access and potentially move laterally within victim networks. Fortinet is reportedly investigating the matter.
Read more »
Fortinet Firewall Exploits: Mass Zero-Day Campaign UncoveredSecurity researchers have revealed a large-scale attack campaign targeting Fortinet firewalls, suspected to be leveraging an unpatched zero-day vulnerability. The campaign, peaking in December, involved malicious actors compromising numerous Fortinet devices, altering configurations, and establishing persistent connections through SSL VPN tunnels.
Read more »
UK Government to Review Ofgem and Enhance Consumer Protections Following 2022 Energy CrisisThe UK government will review Ofgem, the energy regulator, and implement reforms to strengthen consumer protections and improve customer service in response to the 2022 energy crisis. The review aims to address high energy bills, improve bill-paying and complaints processes, and encourage the adoption of energy-efficient technologies.
Read more »
Royal Mint shares rarest 50p coins released into circulation in 2022Some gold-proof versions of these coins have been advertised online for more than £2,000 a piece
Read more »
Reporting Quality of Randomized Controlled Trials on Nonpharmacological Treatments in Chinese Medicine: A 2022 ReviewThis review analyzes the reporting quality of randomized controlled trials (RCTs) on nonpharmacological treatments in Chinese medicine (NPTCM) published in 2022, identifying areas for improvement.
Read more »
Man Arrested in Marbella Over Christmas 2022 Safe House BrawlA 27-year-old man from Vauxhall has been arrested in Marbella in connection with a violent disturbance at the Safe House club in Liverpool in 2022. Merseyside Police are arranging his extradition back to England to face charges of violent disorder and serious assault.
Read more »