FortiGate Devices Compromised by Belsen Group Data Leak
2025-01-16
Need some ammo against Fortinet? Learn how a breach exposed critical vulnerabilities in FortiGate devices and understand the importance of robust security measures.
A new hacking group, the Belsen Group, has leaked configuration files, IP addresses, and VPN credentials for over 15,000 FortiGate devices on the dark web, exposing sensitive information to cybercriminals. The leaked data includes private keys and firewall rules and is organized by country and IP address. This breach is believed to be linked to the exploitation of a zero-day vulnerability, CVE-2022-40684, in FortiOS before it was patched in version 7.2.2. Although the data was collected in 2022, it still poses significant security risks to affected networks.
Zero-Day, Sensitive Data, Weak or Compromised Credentials, Patch Management
FortiGate, Belsen Group, Data Leak, VPN Credentials, Zero-Day Vulnerability, CVE-2022-40684
CVE-2022-40684; CVE-2018-13379
FortiGate, FortiOS
New Hacking Group Leaks FortiGate Data
A new hacking group, known as the Belsen Group, has made headlines by leaking sensitive information from over 15,000 FortiGate devices. This leak, which includes configuration files, IP addresses, and VPN credentials, was made available for free on the dark web, posing significant risks to both governmental and private sector networks worldwide.

The Data Leak
The leaked data consists of a 1.6 GB archive organized by country, with subfolders for each FortiGate device's IP address. Each folder contains a configuration file (configuration.conf) and a file with VPN passwords (vpn-passwords.txt). Alarmingly, some passwords are stored in plain text. These configuration files also contain private keys and firewall rules, providing a detailed map of network defenses that cybercriminals could exploit.

Connection to Previous Vulnerability
Cybersecurity expert Kevin Beaumont suggests that this breach may be linked to the exploitation of a zero-day vulnerability, CVE-2022-40684. This vulnerability was used in attacks before a fix was released in FortiOS version 7.2.2. Although the data was collected in 2022, the information it contains remains valuable to threat actors, highlighting the ongoing importance of timely patch management.

Implications for Security
The leak underscores the critical need for organizations to maintain robust security measures, including regular updates and patch management, to protect against known vulnerabilities. With sensitive network information exposed, affected organizations must act swiftly to mitigate potential threats.