logo

Ctrl+Alt+Oops: FortiBleed criminal's logins stitch two gangs together

ID: 62c401f7-1f97-5881-acc2-f8eff1e4f6b3

STIX ID: report--62c401f7-1f97-5881-acc2-f8eff1e4f6b3

Feed Name: The Register (Security)

Threat Score
80/100

Date Published: 2026-07-02

Date Updated: 2026-07-02

...
...

Researchers linked the widespread FortiBleed credential-harvesting campaign to active ransomware operations after discovering an access broker operator logged into both INC and Lynx affiliate panels; attackers intercepted VPN authentication hashes, cracked them with a 45-GPU cluster, gained admin access to hundreds of FortiGate environments, and on hundreds of targets executed full attack chains leading to domain controller and domain admin compromise, with high-profile organizations among the suspected victims.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.