Kevin Beaumont on Nostr: The ZIP contains a folder for each IP address, inside is config.conf (Fortigate full ...
The ZIP contains a folder for each IP address, inside is config.conf (Fortigate full config dump) and vpn-passwords.txt.
The Fortigate config data appears legit - they're unique - and it looks like a very serious cyber incident is going to play out. Some align to Shodan.
All the configs appear to come from Fortigate 7.x devices, so this is probably the latest zero day Fortinet didn't tell people about.
Published at
2025-01-15 23:17:04Event JSON
{
"id": "53004e87d54c5d14014515eb996ce5136b4db8599fe1345d0f14495c6c849a70",
"pubkey": "f6870afcde4480ec8508f50304859e14a51309ff24ab3f0f862c52bdc4af8747",
"created_at": 1736983024,
"kind": 1,
"tags": [
[
"e",
"32cf4f53d08aa6740314d158118e4d2ee1c1f7fda5ff689deaf12c8d14921579",
"wss://relay.mostr.pub",
"reply"
],
[
"imeta",
"url https://cyberplace.social/system/media_attachments/files/113/834/861/391/297/961/original/66618865606964d5.png",
"m image/png",
"dim 920x1604",
"blurhash U8P6{p%08^9Dogj[fkays.ocoeoet6oKoKj?"
],
[
"proxy",
"https://cyberplace.social/users/GossiTheDog/statuses/113834919489293717",
"activitypub"
]
],
"content": "The ZIP contains a folder for each IP address, inside is config.conf (Fortigate full config dump) and vpn-passwords.txt.\n\nThe Fortigate config data appears legit - they're unique - and it looks like a very serious cyber incident is going to play out. Some align to Shodan.\n\nAll the configs appear to come from Fortigate 7.x devices, so this is probably the latest zero day Fortinet didn't tell people about.\n\nhttps://cyberplace.social/system/media_attachments/files/113/834/861/391/297/961/original/66618865606964d5.png",
"sig": "b6f3939fc73322851b91041142108ec5460d7ea17adb79ad635dab77a158ae1d797a3f88d4a89aac3056b84b6a5898f4479c17d8d1dea106c359b93544442685"
}
