A threat actor leaked a list of nearly 500,000 Fortinet VPN login names and passwords allegedly stolen from exploited devices.
The threat actor revealed that the exploited Fortinet vulnerability had been patched, but a careful investigation showed that many VPN credentials remain valid, meaning that they could still be used by threat actors to access a network to perform data exfiltration, malware installation and ransomware attacks.
According to reports, the VPN credentials were leaked from a threat actor known as “Orange,” which is the administrator of the newly founded RAMP hacking forum and former operator of the Babuk Ransomware gang.
The purpose behind the leak remains unknown, but it is believed that it was carried out to promote the RAMP hacking forum and the Groove Ransomware-as-a-service operation.
In the future, all administrators of the Fortinet VPN server are advised to take precautions by forcibly resetting all user passwords while checking their logs for possible intrusions.
For more information, read the original story in BleepingComputer.