Fortinet Firewall Data Breach: 15,000 Devices Compromised by Belsen Group
On January 14, 2025, it was reported that the configuration data of over 15,000 Fortinet FortiGate firewalls was leaked on the dark web. The hacker group, identified as Belsen, shared this data for free on its newly created TOR website. The leaked information includes full firewall configurations, plaintext VPN credentials organized by IP address and country, serial numbers, management certificates, and other sensitive data. This breach poses a significant security risk to affected organizations, as it enables attackers to compromise internal networks with ease.
Exploitation of Critical Vulnerabilities
According to cybersecurity analysts, the Belsen Group exploited a zero-day vulnerability, identified as CVE-2022-40684, to obtain the leaked data. This vulnerability, published in 2022, allowed attackers to bypass administrative authentication through specially crafted HTTP/HTTPS requests. By leveraging this flaw, the attackers exfiltrated configuration files containing sensitive details such as passwords, firewall rules, and advanced settings. These files, though obtained in 2022, remained undisclosed until January 2025, significantly increasing the risk exposure for affected organizations.
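For an organisation that finds one of its devices in such a dump, the first defensive task is to enumerate every secret the configuration carries so each can be rotated. The following is an added example, not code from the article or from Fortinet: it walks a constructed FortiGate-style configuration export and lists the objects that hold a credential. Block and key names (`config system admin`, `set password`, `set passwd`, `set psksecret`) follow FortiGate CLI syntax as I know it and are assumptions.

```python
"""Inventory credential-bearing settings in a FortiGate-style config export.

Constructed example: the block/key names are assumed to match FortiGate CLI
syntax; the sample config below is made up for the demonstration.
"""
import re

# Config keys assumed to carry a secret (admin password, local user password,
# IPsec pre-shared key).
SECRET_KEYS = {"password", "passwd", "psksecret"}

# Constructed sample export; the ENC blobs are placeholders, not real values.
SAMPLE_CONFIG = """\
config system admin
    edit "admin"
        set password ENC PLACEHOLDER1
    next
end
config user local
    edit "vpnuser1"
        set type password
        set passwd ENC PLACEHOLDER2
    next
    edit "vpnuser2"
        set type ldap
    next
end
config vpn ipsec phase1-interface
    edit "site-b"
        set psksecret ENC PLACEHOLDER3
    next
end
"""


def find_secrets(config_text):
    """Return (object path, key) for every line that sets a secret.

    'config' and 'edit' open a scope, 'end' and 'next' close one, so a simple
    stack tracks nested blocks; the path joins the open scope names.
    """
    stack, found = [], []
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            stack.append(line[len("config "):])
        elif line.startswith("edit "):
            stack.append(line[len("edit "):].strip('"'))
        elif line in ("next", "end"):
            if stack:
                stack.pop()
        else:
            m = re.match(r"set (\S+) ", line)
            if m and m.group(1) in SECRET_KEYS:
                found.append(("/".join(stack), m.group(1)))
    return found
```

Every path the function returns is a credential to rotate on the device and on any peer that shares it (the IPsec pre-shared key, for instance, must change on both ends).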
In response to this ongoing threat, Fortinet released patches for CVE-2022-40684 and announced a new critical authentication bypass
[…]