Fortinet

A threat actor exploited a Fortinet vulnerability, then exfiltrated and leaked a list of almost 500,000 Fortinet VPN login names and passwords that were allegedly scraped from exploitable devices.

These VPN credentials could allow threat actors to access a network to perform data exfiltration, install malware, and perform ransomware attacks.

The list of Fortinet credentials was leaked for free by a threat actor known as 'Orange,' who is the administrator of the newly launched RAMP hacking forum.

The exploited Fortinet vulnerability was soon patched, but many VPN credentials were still valid.

Source: https://www.bleepingcomputer.com/news/security/hackers-leak-passwords-for-500-000-fortinet-vpn-accounts/

TPRM report: https://scoringcyber.rankiteo.com/company/fortinet

"id": "for223227123",
"linkid": "fortinet",
"type": "Vulnerability",
"date": "09/2021",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'industry': 'Cybersecurity',
                        'name': 'Fortinet',
                        'type': 'Company'}],
 'attack_vector': 'Exploitation of Vulnerability',
 'data_breach': {'data_exfiltration': 'Yes',
                 'number_of_records_exposed': '500,000',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['VPN login names',
                                              'VPN passwords']},
 'description': 'A threat actor exploited a Fortinet vulnerability and has '
                'exfiltrated and leaked a list of almost 500,000 Fortinet VPN '
                'login names and passwords that were allegedly scraped from '
                'exploitable devices. These VPN credentials could allow threat '
                'actors to access a network to perform data exfiltration, '
                'install malware, and perform ransomware attacks. The list of '
                'Fortinet credentials was leaked for free by a threat actor '
                "known as 'Orange,' who is the administrator of the newly "
                'launched RAMP hacking forum. The exploited Fortinet '
                'vulnerability was soon patched, but many VPN credentials were '
                'still valid.',
 'impact': {'data_compromised': ['VPN login names', 'VPN passwords'],
            'systems_affected': 'Fortinet VPN devices'},
 'initial_access_broker': {'entry_point': 'Fortinet VPN vulnerability'},
 'motivation': 'Unspecified',
 'post_incident_analysis': {'corrective_actions': 'Patching the vulnerability',
                            'root_causes': 'Exploitation of Fortinet VPN '
                                           'vulnerability'},
 'response': {'remediation_measures': 'Patching the vulnerability'},
 'threat_actor': 'Orange',
 'title': 'Fortinet VPN Credential Leak',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Fortinet VPN vulnerability'}