- Newly Created Belsen Group Discloses 1.6 GB Archive
- It contains IP addresses, passwords and more, apparently from FortiGate devices.
- The data was extracted two years ago, using a zero-day flaw.
Sensitive information on more than 15,000 FortiGate devices has been leaked online after a new threat actor, calling itself “Belsen Group”, posted the archives on a dark web forum in an attempt to promote its operations and make a name for itself.
The group says the data includes IP addresses, passwords and configurations, and for easier analysis it has categorized the targets by country name.
“At the start of the year, and as a positive start for us, and in order to solidify the name of our group in your memory, we are proud to announce our first official operation,” reads the discussion thread on the forum.
Authentic, but old data
Because the archive is 1.6 GB, the group set up a dedicated Tor site to host it as part of its leak effort.
“The sensitive data of more than 15,000 targets worldwide (government and private sectors) who have been hacked and their data extracted will be published,” the document states.
“And the biggest surprise: all this sensitive and crucial data is absolutely free and offered to you as a gift by the Belsen Group.”
Several security analysts confirmed that the data breach was actually two years old, but was never made public.
The data was extracted by abusing CVE-2022-40684 while it was still a zero-day flaw. The vulnerability affected FortiOS 7.0.0 through 7.0.6 and 7.2.0 through 7.2.2.
“I responded to an incident on a victim organization’s device, and the exploitation was indeed done via CVE-2022-40684, based on artifacts on the device,” said one of the researchers, Kevin Beaumont, in a blog post. “I was also able to verify that the usernames and passwords shown in the dump match the device details.”
“The data appears to have been assembled in October 2022, as a zero-day vulnerability. For some reason, the configuration data dump was released today, a little over 2 years later.”
Via BleepingComputer