Covered by 3 sources · 3 reports · Medium impact

FortiBleed Campaign Compromises Fortinet Devices, Linked to Ransomware Groups

Updated 1h ago: new reporting from BleepingComputer, SecurityWeek
Aggregated by BrevFeed security · updated 2h ago

The FortiBleed campaign has been connected to the INC and Lynx ransomware groups, compromising credentials from Fortinet devices. Researchers found the operation entailed scanning 11,250 FortiGate portals and compromised 354 targets, leading to 12 ransomware deployments. The breach highlights significant cybersecurity risks, affecting organizations globally.

Key points

Overview of the FortiBleed Campaign

The FortiBleed credential theft campaign has been linked to the INC and Lynx ransomware groups, highlighting the security risks posed to Fortinet devices. The operation has been active since at least February and involves the theft of over 73,000 credentials from Fortinet devices globally.

Scope and Method of the Attack

Researchers discovered a server holding credentials from over 73,000 Fortinet devices, suggesting the data was being staged for future network intrusions. Attackers used the 'FortiGate Sniffer' tool on compromised firewalls to intercept authentication data directly from network traffic.

The investigation found that scanning activity targeted approximately 11,250 FortiGate portals worldwide, resulting in administrative-level access to 409 targets and successful completion of attacks on 354 of them.

Ransomware Deployment and Impact

SOCRadar confirmed that the compromised credentials facilitated 12 ransomware deployments, encrypting hundreds of endpoints. The campaign poses significant cybersecurity threats across sectors, affecting countries worldwide.

Attribution and Threat Actors

The FortiBleed operation is likely run by a Russian initial access broker, aiming to exploit Fortinet devices for access to sensitive information. The connection to the INC and Lynx ransomware groups emphasizes the broader risk of credential theft fueling ransomware attacks across multiple industries.

This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors; check the original sources.

How outlets covered it

The FortiBleed operation, targeting over 430,000 FortiGate firewalls, has enabled the deployment of INC and Lynx ransomware, affecting organizations globally. This campaign has compromised over 110 million credentials, linking credential theft directly to subsequent ransomware activity, which poses a significant threat to cybersecurity across various sectors.

The FortiBleed campaign has been connected to INC and Lynx ransomware groups, revealing a significant breach affecting Fortinet devices. This connection indicates that stolen credentials from a large-scale operation facilitated numerous ransomware deployments, targeting sectors like manufacturing and technology globally.

The FortiBleed credential theft campaign has been connected to the INC and Lynx ransomware groups, indicating stolen Fortinet credentials will likely be used for future attacks. Over 73,000 credentials were exposed along with tools designed to intercept authentication data, revealing a sophisticated operation that targets Fortinet devices.