So the data was probably stolen in the fall of 2022, but where and how did the unknown attackers obtain the sensitive information? heise online
Security researchers and community members on platforms like Reddit have been mapping the leaked IPs to identify affected organizations. If you are an administrator of a FortiGate device: Configs Leaked.rar
The file is linked to a significant cybersecurity incident involving the Belsen Group (or a group using that name) that surfaced around mid-January 2025. So the data was probably stolen in the
: Investigations suggest the data was likely stolen in late 2022 . The leak is believed to be the result of attackers exploiting a specific authentication bypass vulnerability, CVE-2022-40684 , which allowed administrative access to affected FortiOS, FortiProxy, and FortiSwitchManager products. : Investigations suggest the data was likely stolen
: The .rar archive reportedly includes sensitive information such as: IP addresses and port details. Firewall configuration settings. Hashed or plain-text VPN passwords.
: Immediately change all administrative and VPN passwords.
Unknown group releases Fortinet config files and VPN ... - Heise