logo

FortiBleed Credential Theft Connected to INC and Lynx Ransomware

ID: c297c1c8-f93b-55e3-92ad-d7af652a1b90

STIX ID: report--c297c1c8-f93b-55e3-92ad-d7af652a1b90

Feed Name: HackRead

Threat Score
85/100

Date Published: 2026-07-02

Date Updated: 2026-07-02

Author: Waqas

...
...

SOCRadar's investigation into the FortiBleed incident found a large credential-harvesting campaign targeting FortiGate firewalls that has been linked to ransomware-as-a-service operators INC Ransom and Lynx; researchers uncovered thousands of infected devices, persistent backdoor accounts (username “adminin”), evidence of ransomware deployment against several victims, and indications the attackers are now exploiting a Nextcloud zero-day to extend access, with full technical details and indicators to be published later.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.