Hackers leak passwords for 500,000 Fortinet VPN accounts

LASER_oneXM

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
Content source
https://www.bleepingcomputer.com/news/security/hackers-leak-passwords-for-500-000-fortinet-vpn-accounts/
Both posts lead to a file hosted on a Tor storage server used by the Groove gang to host stolen files leaked to pressure ransomware victims to pay.
BleepingComputer's analysis of this file shows that it contains VPN credentials for 498,908 users over 12,856 devices.

While we did not test if any of the leaked credentials were valid, BleepingComputer can confirm that all of the IP address we checked are Fortinet VPN servers.
Further analysis conducted by Advanced Intel shows that the IP addresses are for devices worldwide, with 2,959 devices located in the USA.
Click to expand...
Kremez told BleepingComputer that the Fortinet CVE-2018-13379 vulnerability was exploited to gather these credentials.
A source in the cybersecurity industry told BleepingComputer that they were able to legally verify that at least some of the leaked credentials were valid.
Click to expand...
 
  • Like
  • Thanks
  • +Reputation
Reactions: Nevi, Gandalf_The_Grey, upnorth and 4 others
M

MacDefender

Level 16
Verified
Top Poster
Oct 13, 2019
784
The vulnerability was over 2 years old when it was exploited. But as crazy as that sounds on the surface, in practice it's more complicated:
  • FortiNet OS updates are notorious for breaking things here and there. They do not do separate security patches vs OS updates (similar to how iOS is updated, you get a mix of security fixes and features). Companies that have complicated networking rules are often afraid of upgrading because of the long tail of issues that only get noticed during business hours.
  • Like most enterprise devices, you must pay a subscription fee to get access to software updates and support. If your contract expires, you lose access to these updates. If you want access again, you most often have to "back-pay" all the license payments you missed, plus an additional penalty. When money gets tight, it's tempting to skip renewing your enterprise network equipment licenses.... but once you do so, you dig yourself into a hole of debt that's hard to get out of.
 
  • Like
  • +Reputation
Reactions: CyberTech, Nevi and Gandalf_The_Grey
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • Wow
    • Like
Security News Fortinet confirms data breach after hacker claims to steal 440GB of files
Replies
0
Views
1,376
Security News
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • Wow
Security News City of Columbus: Data of 500,000 stolen in July ransomware attack
Replies
0
Views
227
Security News
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • Wow
Security News Hackers abused API to verify millions of Authy MFA phone numbers
Replies
3
Views
3,265
Security News
SpiderWeb
SpiderWeb

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top