Over 15K Fortinet FortiGate firewalls’ data exposed

Newly emergent threat operation Belsen Group has leaked more than 15,000 Fortinet FortiGate firewalls' sensitive data for free in BreachForums, reports Security Affairs.

Included in the exposed firewall data are IP addresses, passwords, and configuration files, said Belsen Group in its post on the hacking forum. All of the impacted FortiGate firewalls — most of which are in Mexico, the U.S., and Germany — had FortiOS versions prior to version 7.2.2 unveiled in October 2022, while many of the exposed IPs were from leading internet service providers, including Vodafone and Deutsche Telekom, according to analysis from Heise Security. "As many as 80 different device types can be found in the data leak, with the FortiGate Firewall 40F and 60F being the most widespread. There are also WLAN gateways and devices for installation in the server rack as well as compact devices for the desk or broom cupboard," said Heise Security, which noted uncertainties in the attack vector leveraged by threat actors.