The FortiBleed campaign, which compromised credentials from Fortinet devices, has been connected to the INC and Lynx ransomware groups. Researchers found that the operation scanned 11,250 FortiGate portals and compromised 354 targets, leading to 12 ransomware deployments. The breach highlights significant cybersecurity risks, affecting organizations globally.
The FortiBleed credential theft campaign has been linked to the INC and Lynx ransomware groups, highlighting the security risks posed to Fortinet devices. The operation has been active since at least February and involves the theft of over 73,000 credentials from Fortinet devices globally.
Researchers discovered a server holding credentials from over 73,000 Fortinet devices, which suggests that further network intrusions may follow. Attackers used the 'FortiGate Sniffer' tool on compromised firewalls to intercept authentication data directly from network traffic.
The investigation found that scanning activity targeted approximately 11,250 FortiGate portals worldwide, resulting in administrative-level access to 409 targets and successful completion of attacks on 354 of them.
SOCRadar confirmed that the compromised credentials facilitated 12 ransomware deployments, encrypting hundreds of endpoints. The campaign poses significant cybersecurity threats across sectors, affecting countries worldwide.
The FortiBleed operation is likely run by a Russian initial access broker that aims to exploit Fortinet devices for access to sensitive information. The connection to the INC and Lynx ransomware groups emphasizes the broader risk of credential theft fueling ransomware attacks across multiple industries.
This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors; check the original sources.
The FortiBleed operation, targeting over 430,000 FortiGate firewalls, has enabled the deployment of INC and Lynx ransomware, affecting organizations globally. This campaign has compromised over 110 million credentials, linking credential theft directly to subsequent ransomware activity, which poses a significant threat to cybersecurity across various sectors.
The FortiBleed campaign has been connected to INC and Lynx ransomware groups, revealing a significant breach affecting Fortinet devices. This connection indicates that stolen credentials from a large-scale operation facilitated numerous ransomware deployments, targeting sectors like manufacturing and technology globally.
The FortiBleed credential theft campaign has been connected to the INC and Lynx ransomware groups, indicating that stolen Fortinet credentials will likely be used for future attacks. Over 73,000 credentials were exposed along with tools designed to intercept authentication data, revealing a sophisticated operation that targets Fortinet devices.