January 16, 2025

Hacker Group Belsen Group leaks 15,000+ FortiGate credentials on dark web

Precursor Security have observed a hacking group sharing over 15,000 credentials for FortiGate devices following a historic mass exploitation campaign. In this blog we'll explain the attack and provide advice on how we can help.

15,000 credentials leaked

On January 14th, a hacking group known as ‘Belsen Group’ claimed to have leaked over 15,000 credentials for FortiGate devices on a dark web forum. FortiGate credentials are especially valuable as an initial access point into an organisation’s internal network.

The group claims to have leaked IP addresses, passwords and contents of configs. It’s understood that the group did this to gain “reputation” in the cyber criminal underworld by giving away these credentials for free.

Security researchers analysing this data leak claim that the data was originally gathered by attackers in 2022, based on analysis of the configuration files pointing to FortiOS versions 7.0.0-7.0.6 or 7.2.0-7.2.2. Around this time, there was a relevant vulnerability tracked under CVE-2022-40684.

This vulnerability allows attackers to perform operations on the administrative interface of FortiGate appliances, potentially facilitating the theft of credentials.

The Exposure

Shodan results show that over 9,000 FortiGate devices are in the UK, across varying industries, sectors and sizes. Whilst FortiGate exploitation has remained at its peak for at least two years now and patching has been a priority, the rotation of credentials might have been something that has been ignored by technical teams.
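To make the gap between patching and credential rotation concrete, the following is an added example (not Precursor Security's tooling) that triages a device inventory against the FortiOS version ranges quoted above. The inventory columns, host names and the 2023-01-01 rotation cutoff are assumptions made for illustration.

```python
import csv
import io
from datetime import date

# FortiOS version ranges the article says the leaked configs point to.
LEAK_RANGES = [((7, 0, 0), (7, 0, 6)), ((7, 2, 0), (7, 2, 2))]
# Assumption: the data was gathered in 2022, so a credential last changed
# before 2023-01-01 may be the one in the leak.
ROTATION_CUTOFF = date(2023, 1, 1)

# Constructed sample inventory; column names and hosts are hypothetical.
SAMPLE_INVENTORY = """host,fortios_2022,fortios_now,creds_rotated
fw-01,7.0.5,7.4.3,2021-11-02
fw-02,7.2.2,7.2.8,2024-03-10
fw-03,6.4.9,7.0.14,2020-05-01
fw-04,,7.2.8,2022-06-30
"""

def in_leak_range(version_text):
    """True if the version is in a leak range; unknown counts as exposed."""
    if not version_text.strip():
        return True
    version = tuple(int(part) for part in version_text.strip().split("."))
    return any(low <= version <= high for low, high in LEAK_RANGES)

def triage(row):
    """Classify one device by its 2022 version and credential age.

    The current version (fortios_now) is deliberately not consulted:
    upgrading FortiOS since 2022 does not change a stolen password.
    """
    if not in_leak_range(row["fortios_2022"]):
        return "not-in-leak-range"
    if date.fromisoformat(row["creds_rotated"]) < ROTATION_CUTOFF:
        return "rotate-credentials"
    # Rotated since, but the leak is also said to include config contents.
    return "rotated-review-config"

def triage_inventory(csv_text):
    """Return {host: action} for every row of the inventory CSV."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return {row["host"]: triage(row) for row in reader}

if __name__ == "__main__":
    for host, action in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {action}")
```

In the sample, fw-01 has long since been upgraded but still carries its 2021 password, so it is flagged for rotation.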

How Precursor Can Help

If you’d like to know if you’re impacted, please reach out to info@precursorsecurity.com.

We also offer a suite of relevant services such as:

  • Incident Response
  • 24x7 Managed UK SOC (CREST)
  • Penetration Testing (CREST)

Written by

Precursor Security
