15k+ Fortigate configs released as free download

Happy new year! Unless you're running Fortigate, that is: Fortinet has been warning about zero-day vulnerabilities in these devices since at least 2022, and suffered a data breach of its own in 2024.

This release, posted by the Belsen Group on January 14th, contains IP addresses, usernames, passwords, device management certificates, firewall rules, and full config.conf dumps from Fortigate firewalls around the world. The group claims it includes data from both government and private-sector organizations.

Kevin Beaumont, a self-proclaimed "cybersecurity weather person and award winning shitposter", posted on Mastodon:

The ZIP contains a folder for each IP address, inside is config.conf (Fortigate full config dump) and vpn-passwords.txt.

The Fortigate config data appears legit - they're unique - and it looks like a very serious cyber incident is going to play out. Some align to Shodan.

All the configs appear to come from Fortigate 7.x devices, so this is probably the latest zero day Fortinet didn't tell people about.
💡 Shodan is a search engine for finding internet-exposed devices and systems.

In a later blog post, Beaumont also explains that the data appeared to be assembled in October 2022. This makes me wonder if the group attempted to work with Fortinet to have it patched before releasing the data. I've known security researchers to have difficulties when getting companies to understand and patch security exploits. Often they simply try to coerce and silence whistleblowers if the information could affect their bottom line.

It may be a little late, but it's still advised to patch for CVE-2022-40684 and assess your risk and possible exposure. Patching alone doesn't undo a compromise from 2022: if a device was reachable from the internet in late 2022, treat its admin and VPN credentials and its management certificate as leaked, rotate them, and review the firewall rules for changes you didn't make.
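One way to do that exposure assessment is to triage the dump itself: walk the IP-named folders Beaumont describes, pull the firmware version, hostname and local accounts out of each config.conf, and flag the folders whose IP falls inside your own address space. The script below is an added example written for this post, not code from the post, from Beaumont, or from Fortinet. It assumes the folder layout quoted above (one directory per IP containing config.conf and optionally vpn-passwords.txt) and the `#config-version=MODEL-x.y.z-FW-buildNNNN-...` first line that Fortigate config exports carry; the two sample configs, the TEST-NET addresses and the hostnames are constructed for the example.

```python
"""Triage a Fortigate config dump laid out as one folder per IP address.

Assumed layout (from the description of the leak, not an official format):
    <dump>/<ip>/config.conf
    <dump>/<ip>/vpn-passwords.txt   (optional)
All sample data below is constructed for this example.
"""
import ipaddress
import os
import re
import tempfile
from collections import Counter

# First line of a Fortigate config export, e.g.
#   #config-version=FGT60F-7.0.12-FW-build0523-230425:opmode=0:vdom=0:user=admin
HEADER_RE = re.compile(
    r"^#config-version=(?P<model>[A-Za-z0-9]+)-(?P<version>\d+\.\d+\.\d+)"
    r"-FW-build(?P<build>\d+)"
)
HOSTNAME_RE = re.compile(r'^\s*set hostname "(?P<name>[^"]*)"', re.MULTILINE)


def parse_config(text):
    """Extract the fields a responder wants first: firmware, hostname, accounts."""
    lines = text.splitlines()
    m = HEADER_RE.match(lines[0]) if lines else None
    info = {
        "model": m.group("model") if m else None,
        "version": m.group("version") if m else None,
        "build": m.group("build") if m else None,
        "hostname": None,
        "admins": [],       # entries under `config system admin`
        "local_users": [],  # entries under `config user local` (VPN users)
    }
    hm = HOSTNAME_RE.search(text)
    if hm:
        info["hostname"] = hm.group("name")
    # Track nesting of `config ... end` blocks so `edit "name"` lines are only
    # collected at the top level of the two account sections.
    stack = []
    for line in lines:
        s = line.strip()
        if s.startswith("config "):
            stack.append(s[len("config "):])
        elif s == "end" and stack:
            stack.pop()
        elif s.startswith('edit "') and s.endswith('"') and len(stack) == 1:
            name = s[len('edit "'):-1]
            if stack[0] == "system admin":
                info["admins"].append(name)
            elif stack[0] == "user local":
                info["local_users"].append(name)
    return info


def scan_dump(dump_dir, my_networks):
    """One record per IP-named folder, flagged if the IP is inside my_networks (CIDRs)."""
    nets = [ipaddress.ip_network(n) for n in my_networks]
    records = []
    for entry in sorted(os.listdir(dump_dir)):
        try:
            ip = ipaddress.ip_address(entry)
        except ValueError:
            continue  # not an IP-named folder; ignore stray files
        folder = os.path.join(dump_dir, entry)
        conf_path = os.path.join(folder, "config.conf")
        if not os.path.isfile(conf_path):
            continue
        with open(conf_path, encoding="utf-8", errors="replace") as f:
            info = parse_config(f.read())
        info["ip"] = entry
        info["has_vpn_passwords"] = os.path.isfile(os.path.join(folder, "vpn-passwords.txt"))
        info["in_scope"] = any(ip in n for n in nets)
        records.append(info)
    return records


def version_summary(records):
    """Count devices by major.minor firmware train, e.g. '7.0'."""
    return Counter(".".join(r["version"].split(".")[:2]) for r in records if r["version"])


# Constructed sample configs (TEST-NET addresses, placeholder hashes).
SAMPLE_CONFIGS = {
    "203.0.113.10": (
        "#config-version=FGT60F-7.0.12-FW-build0523-230425:opmode=0:vdom=0:user=admin\n"
        "#buildno=0523\n"
        "config system global\n"
        '    set hostname "FW-BRANCH-01"\n'
        "end\n"
        "config system admin\n"
        '    edit "admin"\n'
        "        set password ENC placeholder\n"
        "    next\n"
        '    edit "backup-admin"\n'
        "    next\n"
        "end\n"
        "config user local\n"
        '    edit "vpnuser1"\n'
        "        set type password\n"
        "        set passwd ENC placeholder\n"
        "    next\n"
        "end\n"
    ),
    "198.51.100.7": (
        "#config-version=FGT100F-7.2.4-FW-build1396-230131:opmode=0:vdom=0:user=admin\n"
        "config system global\n"
        '    set hostname "HQ-EDGE"\n'
        "end\n"
        "config system interface\n"
        '    edit "wan1"\n'
        "        set ip 198.51.100.7 255.255.255.0\n"
        "    next\n"
        "end\n"
    ),
}


def build_sample_dump():
    """Write the constructed configs into a temp dir shaped like the leak."""
    root = tempfile.mkdtemp(prefix="fgt-dump-")
    for ip, conf in SAMPLE_CONFIGS.items():
        os.makedirs(os.path.join(root, ip))
        with open(os.path.join(root, ip, "config.conf"), "w") as f:
            f.write(conf)
    with open(os.path.join(root, "203.0.113.10", "vpn-passwords.txt"), "w") as f:
        f.write("vpnuser1:placeholder\n")
    return root


if __name__ == "__main__":
    dump = build_sample_dump()
    recs = scan_dump(dump, ["203.0.113.0/24"])  # replace with your own CIDRs
    for r in recs:
        flag = "IN SCOPE" if r["in_scope"] else "other"
        print(f"{r['ip']:15} {r['model']:8} {r['version']:7} {r['hostname']!s:14} "
              f"admins={r['admins']} vpn_users={r['local_users']} "
              f"vpn-passwords.txt={r['has_vpn_passwords']} [{flag}]")
    print("by firmware train:", dict(version_summary(recs)))
```

Run it against the real dump by pointing `scan_dump` at the extracted directory and passing your public CIDRs; every record with `in_scope` set is a device whose admin and local VPN accounts you should rotate, and the version summary tells you which firmware train the affected devices were on when the export was taken.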