: The .rar archive reportedly includes sensitive information such as: IP addresses and port details. Firewall configuration settings. Hashed or plain-text VPN passwords.
The file is linked to a significant cybersecurity incident involving the Belsen Group (or a group using that name) that surfaced around mid-January 2025. Configs Leaked.rar
Security researchers and community members on platforms like Reddit have been mapping the leaked IPs to identify affected organizations. If you are an administrator of a FortiGate device: The file is linked to a significant cybersecurity
Unknown group releases Fortinet config files and VPN ... - Heise - Heise : Investigations suggest the data was
: Investigations suggest the data was likely stolen in late 2022 . The leak is believed to be the result of attackers exploiting a specific authentication bypass vulnerability, CVE-2022-40684 , which allowed administrative access to affected FortiOS, FortiProxy, and FortiSwitchManager products.
: Immediately change all administrative and VPN passwords.