FortiBleed Actors Collaborating With Inc, Lynx Ransomware Gangs
ID: bd1a332f-6770-556a-a634-11f52afb070d
STIX ID: report--bd1a332f-6770-556a-a634-11f52afb070d
Feed Name: Dark Reading
SOCRadar uncovered a large-scale FortiGate credential-harvesting campaign dubbed “FortiBleed” that installed a Golang-based sniffer on thousands of firewalls, enabling an IAB operation to collect admin credentials and sell or hand off access to ransomware groups (Inc and Lynx). Researchers reported ~430,000 FortiGate devices targeted, ~12,000 compromised with the sniffer, admin-level access on 409 targets (full domain compromise on 354), at least 12 confirmed ransomware deployments, and exploitation of an undisclosed Nextcloud zero-day to expand access.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
