Ethical Hacking News
Fortinet's FortiGate config leak highlights the importance of staying up-to-date with the latest security patches and being vigilant about potential cyber threats. The recent data leak involving Fortinet's firewalls serves as a stark reminder of the ever-evolving threat landscape.
The FortiGate firewalls' recent data leak, reported by Kevin Beaumont, contained IP addresses, configurations, and passwords for around 15,000 devices. The Belsen Group is believed to be responsible for the leak, claiming it was a new feat when in fact the records were taken years earlier. Most affected victims are small and medium businesses, with some larger ones and unidentified governments also impacted. Fortinet has patched most devices affected by the vulnerability, but customers were advised to review their security posture if they had run an impacted version prior to November 2022. A second zero-day exploitation campaign emerged in early December, targeting Fortinet's FortiGate firewalls with versions ranging between 7.0.14 and 7.0.16.
Fortinet, a leading provider of cybersecurity solutions, has confirmed that a recent data leak involving their FortiGate firewalls is genuine but misleading. The leak, which contained IP addresses, configurations, and passwords, was first reported by infosec watcher Kevin Beaumont, who noted that the leaked data included files related to around 15,000 Fortinet devices, organized by country of origin.
The Belsen Group, a new cybercrime group that has emerged in recent months, is believed to be responsible for the leak. According to Beaumont, the group has been passing off the leaked data as a brand-new feat, when in fact the records were taken years earlier, but only just now released this week.
Beaumont's analysis revealed that the majority of victims were small and medium businesses, with a smattering of larger ones too, and a small number of unidentified governments. However, some countries, including Iran, were found to be missing from the leaked data, despite having Fortinet devices that could have been vulnerable to the exploit.
In response to the leak, Fortinet has confirmed that the majority of devices affected by the vulnerability have since been patched. The company advised customers who had not already taken steps to improve their security posture to do so immediately, as even if patches were applied after October 2022, there was still a risk that their configs could have been lifted.
Furthermore, Fortinet has stated that devices purchased since December 2022 or those running FortiOS 7.2.2 or above are not impacted by the information disclosed by this threat actor. However, customers who had run an impacted version (7.0.6 and lower or 7.2.1 and lower) prior to November 2022 and did not already take the recommended actions were strongly advised to review the recommended actions to improve their security posture.
In a separate development, Arctic Wolf Labs reported that another possible zero-day exploitation campaign emerged in early December and ended towards the end of the month. The campaign appeared to start with mass exploitation of a zero-day vulnerability in Fortinet's FortiGate firewalls, whose versions ranged between 7.0.14 and 7.0.16.
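The two preceding paragraphs quote several FortiOS version ranges (7.0.6 and lower, 7.2.1 and lower, 7.2.2 and above not impacted, and 7.0.14 through 7.0.16 for the later campaign). A defender with a fleet of firewalls needs to check each device's firmware against those ranges rather than eyeball them. The script below is an added example, not code from the article, from Fortinet or from Arctic Wolf; it encodes only the version ranges the article states, the inventory rows are constructed sample data, and the concern labels are assumed names chosen here. The "run before November 2022" timing condition is not encoded, so a device flagged for config-leak review still needs a human to confirm when it ran that version.

```python
# Added example (not from the article, Fortinet or Arctic Wolf): triage FortiOS
# version strings against the ranges the article quotes.
#   - config-leak exposure: 7.0.6 and lower, or 7.2.1 and lower (7.2.2+ not impacted)
#   - early-December campaign: 7.0.14 through 7.0.16
# Concern labels and inventory rows below are constructed for illustration.
from typing import Dict, List, Tuple

Version = Tuple[int, ...]

# Highest impacted version on each branch named by the article for the config leak.
LEAK_BRANCH_CEILINGS: Dict[Tuple[int, int], Version] = {
    (7, 0): (7, 0, 6),
    (7, 2): (7, 2, 1),
}
# Inclusive range the article gives for the later exploitation campaign.
CAMPAIGN_RANGE: Tuple[Version, Version] = ((7, 0, 14), (7, 0, 16))


def parse_version(text: str) -> Version:
    """Turn '7.0.14' or 'v7.0.14' into a comparable tuple such as (7, 0, 14)."""
    cleaned = text.strip().lstrip("vV")
    parts = cleaned.split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def in_range(version: Version, low: Version, high: Version) -> bool:
    """Inclusive lexicographic range check; tuples compare element by element."""
    return low <= version <= high


def classify(version_text: str) -> List[str]:
    """Return the article-described concerns that apply to one firmware version."""
    version = parse_version(version_text)
    concerns: List[str] = []
    branch = version[:2]
    # Config-leak review applies only on the 7.0 / 7.2 branches the article names,
    # up to and including the ceiling version for that branch.
    if branch in LEAK_BRANCH_CEILINGS and version <= LEAK_BRANCH_CEILINGS[branch]:
        concerns.append("config-leak-review")
    if in_range(version, *CAMPAIGN_RANGE):
        concerns.append("early-december-campaign-range")
    return concerns


# Constructed sample inventory: (device name, reported FortiOS version).
SAMPLE_INVENTORY = [
    ("fw-branch-01", "7.0.5"),
    ("fw-branch-02", "7.0.15"),
    ("fw-hq-01", "7.2.2"),
    ("fw-hq-02", "v7.2.1"),
]


def triage(inventory=SAMPLE_INVENTORY) -> Dict[str, List[str]]:
    """Map each device to the list of concerns its firmware version falls under."""
    return {name: classify(version) for name, version in inventory}


if __name__ == "__main__":
    for name, concerns in triage().items():
        print(f"{name}: {', '.join(concerns) if concerns else 'no concern from article ranges'}")
```

Feed `triage()` your own exported inventory (name, version pairs); any device with an empty concern list still benefits from the general patching advice the article repeats, and the config-leak flag is a prompt to check whether the device ran that version before November 2022, since the script cannot know that from the version alone.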
Stefan Hostetler, Arctic Wolf Labs' lead threat intel researcher, stated that it is "highly probable" that a zero-day was involved in the campaign. The initial access vector used in this campaign is not yet confirmed, but Hostetler assessed with high confidence that mass exploitation of a zero-day vulnerability is likely, given the compressed timeline across affected organizations and the firmware versions involved.
The intrusions were made via Fortinet's FortiGate firewalls, which are widely used in various industries. The fact that both cases involve Fortinet's firewalls highlights the importance of keeping these devices up to date with the latest security patches.
In conclusion, the recent data leak involving Fortinet's FortiGate firewalls serves as a stark reminder of the ever-evolving threat landscape and the need for organizations to stay vigilant when it comes to cybersecurity. As the threat actors continue to adapt and evolve, it is essential for businesses and individuals alike to remain proactive in protecting themselves against such threats.
Related Information:
https://go.theregister.com/feed/www.theregister.com/2025/01/17/fortinet_fortigate_config_leaks/
Published: Fri Jan 17 14:20:28 2025 by llama3.2 3B Q4_K_M