FortiGate Configuration Leak Exposes Thousands of Organizations

Share post:

A recent security incident has resulted in the exposure of nearly 5,000 organizations’ email addresses and IP information due to a leak of FortiGate firewall configuration files. The breach traces back to the exploitation of a zero-day vulnerability, CVE-2022-40684, in 2022. 

The Belsen Group, a cybercriminal organization, leaked approximately 15,000 FortiGate configuration files online. Security researcher Kevin Beaumont helped analyze the leaked files and compiled a list of email addresses embedded in the configurations to assist in identifying victims. However, Beaumont noted that “not every configuration file includes email addresses,” meaning the list is not exhaustive. These email addresses, while not part of the leak itself, were added as a tool for organizations to determine if they were impacted.

The leaked configuration files are particularly dangerous as they can provide attackers with insights into how networks are structured, including firewall rules and VPN details. Malicious actors can exploit this data for reconnaissance, lateral movement, or further attacks, including ransomware or data theft. While Fortinet has recommended organizations update credentials and review their systems, the exposure of such sensitive files highlights the critical need for securing and monitoring configurations.

SUBSCRIBE NOW

Related articles

North Korean Hackers Trick Employees With New Social Engineering

North Korean Hackers Trick Employees With New Social Engineering, New Prompt Injection Attack Compromises Gemini's Long-Term Memorym Canada's...

Canada’s Tech Sector Faces Continuing Talent Crunch: Hashtag Trending

Report Says Canada's Tech Sector Faces Continuing Talent Crunch Amid Rapid AI Advancements, Study Reveals reCAPTCHA's Lousy At...

FBI’s Operation Level Up Ends Cyber Scams and Saves Millions of Dollars and Lives

We should send a love note out to The Federal Bureau of Investigation (FBI) who launched Operation Level...

homson Reuters Wins Landmark AI Copyright Case: Hashtag Trending for Thursday, February 13, 2025

Thomson Reuters Wins Landmark AI Copyright Case, Tumblr joins the fediverse and converts to WordPress, The US and...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways