Data Breach Hits Cyber Giant Fortinet

Cybersecurity leader Fortinet has acknowledged a data breach after a threat actor claimed to have stolen 440GB of data from the company’s Microsoft SharePoint server.

Fortinet, a global giant in the cybersecurity sector with headquarters in Sunnyvale, California, is known for providing secure networking products such as firewalls, routers, and VPN devices. The company also offers SIEM, network management, EDR/XDR solutions, and various consulting services.

A threat actor posted on a hacking forum, alleging they had exfiltrated 440GB of data from Fortinet’s Azure SharePoint system. The individual also shared login credentials to what they claimed was an S3 bucket, where the stolen data was supposedly stored, allowing other hackers to download it.

The threat actor, operating under the alias "Fortibitch," reportedly attempted to extort Fortinet by demanding a ransom, likely to prevent the release of the stolen information. However, the company refused to comply with the demands.

Fortinet confirmed that the breach involved customer data from a "third-party cloud-based shared file drive." According to Fortinet, an individual gained unauthorized access to a limited number of files stored on Fortinet’s instance of a third-party cloud-based shared file drive. This included limited data related to a small number of Fortinet customers.

Fortinet has not provided specific details on the number of affected customers or the nature of the compromised data but assured that they have directly contacted impacted customers as necessary.

This incident follows a similar claim in May 2023, when a threat actor alleged they had breached the GitHub repositories of Panopta, a company Fortinet acquired in 2020, and leaked data on a Russian-speaking hacking forum.

Fortinet has faced a challenging year in 2024 on the security front, marked by several significant incidents:

  • January 2024: Fortinet patched two critical vulnerabilities in its FortiOS and FortiProxy HA cluster code. It remains unclear if these vulnerabilities were exploited before the patches were issued.
  • February 2024: A difficult week saw the company addressing two critical flaws, followed by another issue in its operating system. Despite the urgency, customers were slow to apply the fixes, leaving over 100,000 devices exposed online. During this period, China’s Volt Typhoon hacking group began actively targeting Fortinet devices.
  • June 2024: Chinese hackers breached the Netherlands Ministry of Defense’s security using a previously undiscovered vulnerability. This flaw remained undetected for two months, during which around 20,000 additional FortiGate firewalls were similarly compromised before Fortinet became aware of the attacks.

Read Fortinet's Notice of Recent Security Incident here

Source: The Cyber Security Hub
