Trends
LACNIC exposes leak of thousands of Fortinet device credentials
Headline
What happened: Fortinet credentials leaked in massive breach
Context
A significant data breach has emerged as a group of criminals leaked the configuration files, IP addresses, and VPN access credentials of over 15,000 FortiGate devices on the dark web. Each folder contained a FortiGate config dump file alongside a vpn-passwords.txt file. Alarmingly, some passwords were stored in plain text, likely due to poor complexity or system configuration. This breach is linked to a zero-day vulnerability (CVE-2022-40684) that hackers exploited to download configurations from compromised FortiGate devices. They created an administrator account named ‘fortigate-tech-support’ to facilitate their access.
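The administrator account named above can be checked for in a device's own configuration backup. The following is an added example, not code from LACNIC or Fortinet: it assumes the backup uses the usual FortiOS text layout (`config system admin`, `edit "<name>"`, `set accprofile`), and the function names, the allowlist and the sample excerpt are constructed for illustration.

```python
import re

ROGUE_ADMIN = "fortigate-tech-support"  # admin name reported in the article

# Constructed FortiOS-style backup excerpt for illustration (not real data).
SAMPLE_CONFIG = """\
config system admin
    edit "admin"
        set accprofile "super_admin"
    next
    edit "fortigate-tech-support"
        set accprofile "super_admin"
    next
end
config user local
    edit "vpnuser1"
    next
end
"""

def admin_accounts(config_text):
    """Return {name: accprofile} for entries under 'config system admin'."""
    admins, in_section, depth, current = {}, False, 0, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not in_section:
            in_section = line == "config system admin"
        elif line.startswith("config "):
            depth += 1                      # nested block inside an admin entry
        elif line == "end":
            # 'end' at depth 0 closes the admin section; otherwise a nested block
            in_section, depth = depth > 0, max(depth - 1, 0)
        elif depth == 0:
            if m := re.match(r'edit "?([^"]+)"?$', line):
                current = m.group(1)
                admins[current] = None
            elif line == "next":
                current = None
            elif current and (m := re.match(r'set accprofile "?([^"]+)"?$', line)):
                admins[current] = m.group(1)
    return admins

def audit(config_text, expected_admins):
    """Flag the reported rogue name and any admin outside the allowlist."""
    findings = []
    for name, profile in admin_accounts(config_text).items():
        if name.lower() == ROGUE_ADMIN:
            findings.append((name, profile, "admin name reported in the leak"))
        elif name not in expected_admins:
            findings.append((name, profile, "admin not in expected list"))
    return findings
```

Calling `audit(SAMPLE_CONFIG, {"admin"})` returns one finding for the constructed excerpt; on a real backup, pass the set of administrator names the organisation actually provisioned.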
Analysis
Although the data was collected in 2022, it reveals critical information about network defences, including firewall rules and sensitive credentials. LACNIC CSIRT has analysed the associated IP addresses and identified the countries affected within the LACNIC region, highlighting the extensive reach of this security incident.
This breach underscores the ongoing vulnerabilities within critical cybersecurity infrastructure, particularly in devices widely used across various sectors. The exposure of Fortinet credentials not only jeopardises the security of individual organisations but also poses a broader risk to the interconnected systems that rely on these devices. As cybersecurity threats become more sophisticated, incidents like this serve as a wake-up call for all organisations to reassess their security protocols.
This leak follows a troubling trend in the tech industry, where high-profile breaches have become alarmingly common. For example, the previous incident involving the leakage of 500,000 credentials from Fortinet devices illustrates a pattern of negligence in securing sensitive data. Such events highlight the necessity for robust security measures and regular firmware updates, as recommended by experts.
Key Points
- A data breach has exposed the credentials and config files of over 15,000 FortiGate devices, with some passwords stored in plain text.
- This incident is linked to a zero-day vulnerability exploited by hackers, raising significant concerns about cybersecurity across affected networks.