- Newly established Belsen Group is leaking a 1.6GB archive
- It contains IP addresses, passwords, and more, reportedly from FortiGate devices
- The data was pulled two years ago, using a zero-day
Sensitive information on more than 15,000 FortiGate devices has leaked online after a new threat actor, calling themselves “Belsen Group”, posted the archive on a dark web forum in an attempt to promote their operation and make a name for themselves.
The group says the data includes IP addresses, passwords, and configurations, and to make analysis easier, it categorized the targets by country names.
“At the beginning of the year, and as a positive start for us, and in order to solidify the name of our group in your memory, we are proud to announce our first official operation,” the thread on the forum reads.
Authentic, but old, data
As part of its data leak effort, the group set up a dedicated Tor site, as the archive is 1.6GB large.
“Will be published of sensitive data from over 15,000 targets worldwide (both governmental and private sectors) that have been hacked and their data extracted,” it noted.
“And the biggest surprise: All this sensitive and crucial data is absolutely free, offered to you as a gift from the Belsen Group.”
Multiple security analysts confirmed the data breach is actually two years old, but was never released to the public.
The data was pulled by abusing CVE-2022–40684, while it was still a zero-day flaw. It affected FortiOS 7.0.0-7.0.6, and 7.2.0-7.2.2.
“I’ve done incident response on one device at a victim org, and exploitation was indeed via CVE-2022–40684 based on artefacts on the device,” one of the researchers, Kevin Beaumont, said in a blog post. “I’ve also been able to verify the usernames and password seen in the dump matches the details on the device.”
“The data appears to have been assembled in October 2022, as a zero day vuln. For some reason, the data dump of config has been released today, just over 2 years later.”
Via BleepingComputer