Last Updated on September 9, 2021 by Calvin C.
Are you a user of Fortinet’s VPN? If yes, check whether your login credentials are safe, because a cybercriminal gang leaked 500,000 Fortinet VPN users’ passwords to the dark web.
This incident took place on the 7th of September 2021 and the gang goes by the code name “Orange.” Usernames and passwords were paraded for free on the dark web, which shows that the goal was not to cash in on the attack, but to earn bragging rights.
Previously, the FBI and CISA jointly released a document detailing multiple vulnerabilities identified in the VPN. Unfortunately, these were identified too late and the threat actor capitalized on these flaws to compromise users’ accounts.
Fortinet has since patched the vulnerabilities but the attack may leave a lasting dent in the trust score of the VPN provider.
Reports indicate that the credentials belong to almost 500,000 users (498,908 to be exact) and over 12,856 devices.
According to Bleeping Computer, all IP addresses checked belonged to Fortinet servers and the bulk of the accounts are from these countries:
In total, users from about 74 countries were affected by the cyberattack.
The “Orange” cybercriminal gang is believed to be linked to a ransomware gang, “Groove”, according to research. In addition, the “Orange” gang broke away from the Babuk ransomware operation after a dispute and is now affiliated with the Groove ransomware operation.
More to follow…