- The newly created Belsen Group is leaking a 1.6 GB file
- It contains IP addresses, passwords, and more, supposedly from FortiGate devices.
- The data was obtained two years ago, using a zero-day vulnerability.
Sensitive information about more than 15,000 FortiGate devices was leaked online after a new threat actor, calling itself the “Belsen Group,” posted the file on a dark web forum in an attempt to promote its operation and make a name for itself.
The group says the data includes IP addresses, passwords and settings, and to facilitate analysis, it categorized targets by country names.
“At the beginning of the year, and as a positive start for us, and in order to solidify the name of our group in his memory, we are proud to announce our first official operation,” the forum thread reads.
Authentic but old data
To distribute the leak, the group set up a dedicated Tor site to host the file, which is 1.6 GB in size.
“Sensitive data of more than 15,000 targets around the world (both government and private sector) who have been hacked and their data extracted will be published,” he said.
“And the biggest surprise: all this confidential and crucial data is absolutely free and is offered to you by the Belsen Group as a gift.”
Several security analysts confirmed that the data breach is actually two years old, but the data had never been made public until now.
The data was obtained by exploiting CVE-2022-40684 while it was still a zero-day flaw. The vulnerability affected FortiOS 7.0.0-7.0.6 and 7.2.0-7.2.2.
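The affected version ranges above are easy to misread in an asset inventory, because a plain string comparison sorts "7.0.10" before "7.0.6". The following script is an added example, not code from the article or from Fortinet: it compares FortiOS version strings as integer tuples and flags devices inside the ranges the article lists. Hostnames and versions in the sample inventory are constructed.

```python
# Added example (not from the article): flag FortiOS versions that fall inside
# the ranges the article lists as affected by CVE-2022-40684.
# Versions are compared as integer tuples so that 7.0.10 sorts after 7.0.6;
# a plain string comparison would get that wrong.

AFFECTED_RANGES = [
    ((7, 0, 0), (7, 0, 6)),   # FortiOS 7.0.0 - 7.0.6
    ((7, 2, 0), (7, 2, 2)),   # FortiOS 7.2.0 - 7.2.2
]


def parse_version(text):
    """Turn 'v7.0.6' or '7.0.6' into (7, 0, 6); raise ValueError if malformed."""
    parts = text.strip().lower().lstrip("v").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised FortiOS version: {text!r}")
    return tuple(int(p) for p in parts)


def is_affected(text):
    """True if the version lies inside any affected range (inclusive)."""
    v = parse_version(text)
    return any(low <= v <= high for low, high in AFFECTED_RANGES)


def triage(inventory):
    """inventory: iterable of (hostname, version) pairs.
    Returns {hostname: 'affected' | 'not affected' | 'unknown'}."""
    result = {}
    for host, ver in inventory:
        try:
            result[host] = "affected" if is_affected(ver) else "not affected"
        except ValueError:
            result[host] = "unknown"   # malformed or missing version string
    return result


# Constructed sample inventory; these are not real devices.
SAMPLE_INVENTORY = [
    ("fw-edge-01", "v7.0.5"),
    ("fw-edge-02", "7.0.10"),
    ("fw-dc-01", "7.2.2"),
    ("fw-lab-01", "6.4.9"),
    ("fw-old-01", "n/a"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Because the article says the dump was collected in October 2022, a device that has since been upgraded out of these ranges can still appear in the leak if its credentials were never rotated; this check only identifies version exposure.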
“I have responded to incidents on a device at a victim organization, and the exploit was performed via CVE-2022-40684 based on artifacts on the device,” said one of the researchers, Kevin Beaumont, in a blog post. “We have also been able to verify that the usernames and password seen in the dump match the device details.”
“The data appears to have been collected in October 2022, as a zero-day vulnerability. For some reason, the configuration data dump was published today, just over 2 years later.”
Via BleepingComputer