Facebook Linkedin
  • About us
  • Advisory Board
  • Careers
  • Write for CISO MAG
  • Editorial Calendar
Search
Monday, July 7, 2025
  • About us
  • Advisory Board
  • Careers
  • Write for CISO MAG
  • Editorial Calendar
Facebook Linkedin
CISO MAG  - News and Updates| Cyber Security Magazine CISO MAG | Cyber Security Magazine
Cisomag banner-Essentials
CISO MAG  - News and Updates| Cyber Security Magazine CISO MAG  - News and Updates| Cyber Security Magazine
  • About us
  • Advisory Board
  • Careers
  • Write for CISO MAG
  • Editorial Calendar
Home News 500,000 Fortinet VPN Credentials Leaked on Dark Web Forum
  • News
  • Threats

500,000 Fortinet VPN Credentials Leaked on Dark Web Forum

A threat actor, identified as “Orange,” leaked around 500,000 Fortinet VPN account details on the dark web. Orange is allegedly the leader of the RAMP hacking forum and also a part of the Groove ransomware operation.

By
CISOMAG
-
September 9, 2021
Facebook
Twitter
Pinterest
WhatsApp
    Fortinet VPN, VPN, VPN devices

    A previously patched Fortinet VPN vulnerability has again been exploited. The threat actor, identified as “Orange,” allegedly exploited the Fortinet CVE-2018-13379 vulnerability and leaked over 500,000 login credentials of the Fortinet VPN users on the dark web.

    VPNs are meant for private communication, and their functionality is to secure and manage private networks. But if your security itself is breached, the consequences are devastating, as it exposes the network to malware and ransomware attacks.

    The list of user accounts was leaked for free on a dark web forum to give access to other threat actors to perform malicious activities on the compromised devices. According to AdvIntel, a threat prevention and loss avoidance firm, a new ransomware group, dubbed Groove, which became more active in August and September 2021, released leaks of Fortinet VPN SSL credentials via their leak website on September 7, 2021. 799 directories and 86,941 compromised VPN connections were reportedly on the list.

    Orange, who was allegedly a part of the Babuk ransomware gang before, is believed to be the leader of the RAMP hacking forum and also a part of the Groove ransomware-as-a-service operation.

    In a Twitter thread to Bleeping Computer, @CryptoCypher shared a cleaned list of the IP addresses for the Fortinet VPN victims.

    Looking for the Fortinet VPN victim list from today’s news? I parsed it for you, fellow researchers: https://t.co/M7o3XmOgYE

    I used reverse DNS to add more context to the IP addresses and removed usernames and passwords. #Fortinet #CTI #DataLeak #DataBreach https://t.co/kxJ7K9mc5N

    — Cypher (@CryptoCypher) September 8, 2021

    Hackers leak passwords for 500,000 Fortinet VPN accounts – @LawrenceAbramshttps://t.co/1oQfe2L0I4

    — BleepingComputer (@BleepinComputer) September 8, 2021

    Advice

    Experts have recommended disabling all VPNs, upgrading the devices to FortiOS 5.4.13, 5.6.14, 6.0.11, or 6.2.8 and above, installing the latest patches, and resetting the password across the organization to avoid potential risks.

    Attacks against Fortinet’s SSL-VPN

    Nuspire, a managed security services provider (MSSP), in its 2021 Q1 Threat Landscape Report witnessed a 1,916% increase in attacks against Fortinet’s SSL-VPN and a 1,527% increase in Pulse Connect Secure VPN.

    As more and more organizations had to resort to the remote and hybrid work environment, threat actors also took action, leveraging on the opportunities around the exposed landscape and actively continue to do so.

    “2020 was the era of remote work and as the workforce adjusted, information technology professionals scrambled to support this level of remote activity by enabling a wide variety of remote connectivity methods,” said J.R. Cunningham, Nuspire Chief Security Officer.

    The benefit of a VPN is that it provides access to resources inaccessible on the public network and is typically used for telecommuting/remote workers. Encryption is common, although not an inherent part of a VPN connection.

    Zcsaler’s 2021VPN Risk Report, which was based on the responses of over 350 cybersecurity professionals, highlighted that 72% of organizations expressed concern over VPN endangering the IT systems’ ability to keep their environments secure. Interestingly, 67% of enterprises are considering a remote access alternative to a traditional VPN. With zero trust model gaining significance, 72% of companies are prioritizing the adoption of a zero trust model given the shift to the remote work environment. It also reflected on the level of awareness among the user community and cited that 93% of companies are leveraging VPN services, and yet 94% are aware of VPNs being targeted by threat vectors to gain access to network resources and spread malware and ransomware.

    • TAGS
    • Fortinet VPN account
    • Fortinet VPN users
    • hackers
    • Passwords
    • ransomware gang
    • virtual private networks
    • virtual private networks accounts
    • VPN
    • VPN accounts
    Facebook
    Twitter
    Pinterest
    WhatsApp
      Previous articleMillions of Bluetooth Devices Affected by BrakTooth Flaws
      Next articleNever Trust, Always Verify: White House to U.S. Agencies
      CISOMAG
      CISOMAG
      https://cisomag.com/

      RELATED ARTICLESMORE FROM AUTHOR

      PSTI IoT Bill, Common IoT Attacks
      Features

      3 Common IoT Attacks that Compromise Security

      SIM Swapping
      News

      FBI Issues a Lookout for SIM Swapping Attacks

      remote work, Remote workforce security
      News

      How Remote Work Increase Digital Anxiety



      Cyber Career Starter Scholarship

      Latest Issue is Out!

      Ciso mag jan
      cciso_sidebar
      boxbanner

      FOLLOW US FOR MORE UPDATES


      CYBER SHOTS
      Quick, punchy updates on Cyber trends, news and links to free resources. Only via Telegram and Signal. Join the groups now!
      Click Here Click Here
      Cybersecurity News and Updates, Magazine
      CISOMAG is the handbook for Chief Information Security Officer (CISO)s, CXOs, and every stakeholder of safe internet.
      Contact us: [email protected]
      Facebook Linkedin

      EVEN MORE NEWS

      CyberSecID Conference 2025 (CSID2025)

      July 4, 2025

      World AI Show – Indonesia

      July 4, 2025

      Cyber Security Expo Europe

      June 19, 2025

      POPULAR CATEGORY

      • News2554
      • Threats1657
      • Features592
      • Partnerships215
      • Governance191
      • Startups161
      • Upcoming Events122
      • Terms of Use
      • Privacy Policy
      • Advertise with us
      • Contact Us
      • MASTERCLASS
      © CISOMAG 2024
      We Care
      Ensuring that you get the best experience is our only purpose for using cookies. If you wish to continue, please accept. You are welcome to provide a controlled consent by visiting the cookie settings. For any further queries or information, please see our privacy policy.
      Do not sell my personal information.
      Cookie SettingsAccept
      Manage consent

      Privacy Overview

      This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
      Necessary
      Always Enabled
      Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
      CookieDurationDescription
      cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
      cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
      cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
      cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
      cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
      viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
      Functional
      Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
      Performance
      Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
      Analytics
      Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
      Advertisement
      Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
      Others
      Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
      SAVE & ACCEPT
      MORE STORIES
      Upcoming Events

      CyberSecID Conference 2025 (CSID2025)

      CISO MAG - July 4, 2025 0
      Date: July 9-10, 2025 Location: Shangri La, Jakarta, Indonesia CyberSecID Conference 2025 (CSID2025) is a premier gathering of security professionals from...