FortiBleed Credential Theft Connected to INC and Lynx Ransomware
ID: c297c1c8-f93b-55e3-92ad-d7af652a1b90
STIX ID: report--c297c1c8-f93b-55e3-92ad-d7af652a1b90
Feed Name: HackRead
SOCRadar's investigation into the FortiBleed incident found a large credential-harvesting campaign targeting FortiGate firewalls that has been linked to ransomware-as-a-service operators INC Ransom and Lynx; researchers uncovered thousands of infected devices, persistent backdoor accounts (username “adminin”), evidence of ransomware deployment against several victims, and indications the attackers are now exploiting a Nextcloud zero-day to extend access, with full technical details and indicators to be published later.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
