VPNs have been playing a crucial role in our work culture lately because they hide our private information, but they are not a foolproof solution. These days hackers can intercept sensitive information you submit on websites using a number of techniques, and it’s a nightmare if the VPN itself is the one that is hacked.
A massive collection of about 500,000 login credentials belonging to customers of a popular VPN product from cybersecurity firm Fortinet was reportedly gathered and leaked by a hacking group. The famous Fortinet VPN was exploited, and this is a major breach because threat actors may use the VPN credentials to gain access to a network and carry out data exfiltration, malware installation, and ransomware attacks.
A threat actor is alleged to have released a list of Fortinet credentials for free. Orange, the head of a new RAMP hacker forum and a new Groove ransomware campaign, has been identified as the threat actor. Orange is said to have split from an older Babuk ransomware group to form RAMP and Groove. Orange probably disclosed these credentials in order to brag and promote the RAMP hacking forum.
These credentials were obtained via the now-patched Fortinet CVE-2018-13379 vulnerability; however, the credentials are still in use. The IP addresses are linked to Fortinet VPN servers, according to BleepingComputer.