Negotiation fails: Threat actor leaks 440 GB of data from Fortinet’s Sharepoint
On 12 September 2024, CloudSEK's XVigil platform discovered a threat actor named “Fortibitch” leaking 440GB of data allegedly exfiltrated from Fortinet's SharePoint repository. The actor attempted to extort the company but, after unsuccessful negotiations, released the data. It remains unclear if ransomware was used in the breach, as it was not mentioned by the actor. "Fortibitch" referenced the Ukrainian hacking group DC8044, though no direct connection is established between them. Based on available information, it is believed with medium confidence that the threat actor is based in Ukraine.
Written by
CloudSEK TRIAD