FortiBleed credential-theft campaign linked to Lynx ransomware
ID: fe37d094-9093-5d6f-8a25-289a73bb145f
STIX ID: report--fe37d094-9093-5d6f-8a25-289a73bb145f
Feed Name: Bleeping Computer
SOCRadar's research links the large-scale 'FortiBleed' credential-theft campaign — which exfiltrated FortiGate configs and credentials from tens of thousands of devices via a custom packet sniffer and exposed a server containing creds from 73,000+ devices — to the INC and Lynx ransomware operations; the investigation uncovered extensive infrastructure (hundreds of servers), persistent backdoor accounts, evidence of credential-stuffing/cracking activity, overlap with ransomware victim lists, and possible exploitation of a Nextcloud zero-day.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
