Login details of 500,000 Fortinet corporate VPN users leaked after hack
Within a year, hackers have stolen half a million username-and-password combinations from corporate cyber security provider Fortinet. According to BleepingComputer, the data has now been made available free of charge to promote the new hacker forum RAMP.
Vulnerable corporate networks
Companies use Fortinet’s VPN service to, for example, securely connect employees who work from home to the company network. The vulnerability is therefore very serious, as it allows attackers to gain access to the networks of many Fortinet customers. Cybercriminals can then steal data, install malware or perform ransomware attacks.
Login data as a marketing stunt
According to BleepingComputer, the hack was carried out by the administrator of the new hacker forum, who goes by the name ‘Orange’. Orange is believed to be a former member of the gang that developed the infamous Babuk ransomware. With this self-developed malware, the criminals can encrypt all the data they find after breaking into a network and then demand money for the decryption. After the breakup of the Babuk gang, Orange now runs the new hacker forum RAMP. There also appear to be ties to the new ransomware-as-a-service (RaaS) group Groove.
Ransomware-as-a-service allows other criminals to buy ransomware packages so that they can use them against companies themselves. The groups ask for an amount in cryptocurrency and in some cases a part of the ransom that has been extracted. The leak is probably intended to lure members to the new hacker forum and to show potential Groove RaaS customers that the operators know what they are doing.
Half a million accounts
The 498,908 accounts come from 12,856 devices around the world. The data was stolen by exploiting a now-patched vulnerability, according to an analysis by Advanced Intel. The vulnerability used has therefore already been closed, but many of the login details are probably still valid. Administrators of companies using the Fortinet VPN service are advised to reset all users’ passwords and analyze their logs. In this way, suspicious login attempts and other threats such as ransomware attacks can be recognized and prevented at an early stage.
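One way to start that log analysis, as an added example that is not from the original article: the sketch below triages VPN login events for accounts on the exposed list. The log lines are constructed, and the field names (ts, user, srcip, status), the per-user reset times and the known-IP baseline are assumptions to be mapped onto your own log export.

```python
import shlex
from datetime import datetime

# Constructed sample events; field names are assumptions, not a vendor format.
SAMPLE_LOG = """\
ts=2021-09-01T08:02:11 user="alice" srcip=198.51.100.7 status=success
ts=2021-09-07T23:41:09 user="alice" srcip=203.0.113.50 status=success
ts=2021-09-09T09:00:00 user="alice" srcip=198.51.100.7 status=success
ts=2021-09-10T02:15:30 user="bob" srcip=203.0.113.50 status=failure
ts=2021-09-10T02:15:41 user="bob" srcip=203.0.113.50 status=failure
ts=2021-09-10T09:12:00 user="carol" srcip=192.0.2.14 status=success
"""
# Hypothetical inputs: accounts found in the leak, when each password was
# reset, and the source addresses each user normally connects from.
EXPOSED = {"alice", "bob"}
RESETS = {"alice": datetime(2021, 9, 8, 12), "bob": datetime(2021, 9, 9, 12)}
KNOWN_IPS = {"alice": {"198.51.100.7"}, "bob": {"198.51.100.9"}}
REQUIRED = {"ts", "user", "srcip", "status"}

def parse_line(line):
    """Turn one key=value log line into a dict (quoted values supported)."""
    return dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)

def triage(log_text, exposed, resets, known_ips):
    """Return (user, reason, srcip, ts) findings for exposed accounts only."""
    findings = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if not REQUIRED <= ev.keys() or ev["user"] not in exposed:
            continue  # malformed line, or account not in the leak
        user, ip = ev["user"], ev["srcip"]
        ts = datetime.fromisoformat(ev["ts"])
        reset = resets.get(user)
        before_reset = reset is None or ts < reset
        if ev["status"] == "success":
            # The leaked password still worked and the source is unfamiliar.
            if before_reset and ip not in known_ips.get(user, set()):
                findings.append((user, "success_before_reset_new_ip", ip, ev["ts"]))
        elif not before_reset:
            # Failures after the reset can mean someone is trying the old password.
            findings.append((user, "failure_after_reset", ip, ev["ts"]))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG, EXPOSED, RESETS, KNOWN_IPS):
        print(*finding)
```

A `success_before_reset_new_ip` finding is the one to investigate first, since it means a session was established with a password that may already have been in the leak.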