According to an article published in BleepingComputer, last year, a hacker purportedly leaked a list of nearly 500,000 Fortinet VPN login names and passwords scraped from exploitable devices.
While the exploited Fortinet vulnerability has been patched, the hackers claims that many VPN passwords are still valid.
This is a severe breach because the VPN credentials might be used by hackers to gain access to a network and undertake data exfiltration, install malware, and initiate ransomware assaults.
A threat actor known as ‘Orange,’ who is the administrator of the newly formed RAMP hacking forum and a previous operator of the Babuk Ransomware campaign, leaked the list of Fortinet passwords for free.
After a feud between Babuk gang members, Orange split out to start RAMP and is now thought to be a representative of the new Groove ransomware operation.
The threat actor created a posted with a link to a file supposedly containing thousands of Fortinet VPN accounts on the RAMP forum yesterday.
At the same time, a post publicising the Fortinet VPN leak emerged on the Groove ransomware’s data leak site.
Both posts point to a file hosted on a Tor storage server used by the Groove gang to host stolen files exposed to compel ransomware victims to pay.