Hackers leak passwords for 500,000 Fortinet VPN accounts

LASER_oneXM

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
Content source
https://www.bleepingcomputer.com/news/security/hackers-leak-passwords-for-500-000-fortinet-vpn-accounts/
Both posts lead to a file hosted on a Tor storage server used by the Groove gang to host stolen files leaked to pressure ransomware victims to pay.
BleepingComputer's analysis of this file shows that it contains VPN credentials for 498,908 users over 12,856 devices.

While we did not test if any of the leaked credentials were valid, BleepingComputer can confirm that all of the IP address we checked are Fortinet VPN servers.
Further analysis conducted by Advanced Intel shows that the IP addresses are for devices worldwide, with 2,959 devices located in the USA.
Click to expand...
Kremez told BleepingComputer that the Fortinet CVE-2018-13379 vulnerability was exploited to gather these credentials.
A source in the cybersecurity industry told BleepingComputer that they were able to legally verify that at least some of the leaked credentials were valid.
Click to expand...
 
  • Like
  • Thanks
  • +Reputation
Reactions: Nevi, Gandalf_The_Grey, upnorth and 4 others
M

MacDefender

Level 16
Verified
Top Poster
Oct 13, 2019
779
The vulnerability was over 2 years old when it was exploited. But as crazy as that sounds on the surface, in practice it's more complicated:
  • FortiNet OS updates are notorious for breaking things here and there. They do not do separate security patches vs OS updates (similar to how iOS is updated, you get a mix of security fixes and features). Companies that have complicated networking rules are often afraid of upgrading because of the long tail of issues that only get noticed during business hours.
  • Like most enterprise devices, you must pay a subscription fee to get access to software updates and support. If your contract expires, you lose access to these updates. If you want access again, you most often have to "back-pay" all the license payments you missed, plus an additional penalty. When money gets tight, it's tempting to skip renewing your enterprise network equipment licenses.... but once you do so, you dig yourself into a hole of debt that's hard to get out of.
 
  • Like
  • +Reputation
Reactions: CyberTech, Nevi and Gandalf_The_Grey
You must log in or register to reply here.

Similar threads

vtqhtr413
    • +Reputation
    • Wow
    • Like
TSMC denies LockBit hack as ransomware gang demands $70 million
Replies
2
Views
1,200
News Archive
[correlate]
[correlate]
Gandalf_The_Grey
    • Like
    • Wow
    • Thanks
Microsoft denies data breach, theft of 30 million customer accounts
Replies
6
Views
1,366
News Archive
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • Like
    • Wow
US energy firm shares how Akira ransomware hacked its systems
Replies
0
Views
657
News Archive
Gandalf_The_Grey
Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top