Threat actors have released credentials of Fortinet VPN users online, which are thought to enable other cyber criminals to gain remote access to the networks behind the VPN.
A malicious actor has released the user credentials and IP addresses linked to the Fortinet SSL VPN to an internet hacking forum.
It was revealed late last week that the passwords for an estimated 500,000 Fortinet VPN accounts were leaked onto the hacking forum RAMP.
Media outlets have reported that the website’s administrator, operating under the nom de plume ‘Orange’, was formerly associated with the Babuk cyber gang.
Fortinet confirmed that it is aware of the hack, which was achieved by taking the credentials from unpatched files.
“Fortinet has become aware that a malicious actor has recently disclosed SSL-VPN access information to 87,000 FortiGate SSL-VPN devices,” a blog post on the company’s website read.