Everything you need to know about the Fortinet Data Breach Actor
Amandeep
CCISO | CISA | CRISC | CISSP | PMP | CDPSE | ISO 27001 | ISO 31000 | ISO 42001 | COBIT | ITIL | Cybersecurity Leader | 18+ Years Leading Senior Management in Achieving Cybersecurity Strategic Goals.
The hacker group claimed that the leaked data included employee resources, finance documents, HR documents from India, product offerings, US sales data, as well as professional services and marketing documents.
This was a ransom demand; however, the ransom negotiation broke down, just as in the London Drugs incident, and the data was leaked. The data was taken from the Microsoft Azure SharePoint Server. The group released credentials to an S3 storage bucket on the underground breach forum, where it claimed other cybercriminals would be able to access the stolen data.
The threat actor stated that it had attempted to negotiate a ransom for the stolen information with Fortinet's leadership; however, the negotiation failed and the data was leaked. Fortinet did not follow the governing protocol for timely disclosure of major cyber incidents. The hacker also questioned why Fortinet had not yet filed an 8-K disclosure with the U.S. Securities and Exchange Commission (SEC), which is a mandatory disclosure for security incidents affecting publicly traded companies.
Fortinet acknowledged the incident in a statement released on 12 September, confirming there was unauthorized access to a third-party storage drive. Reporting on the incident, threat intelligence firm CloudSEK stated with "medium confidence" that the Fortibitch group is based in Ukraine.