<img height="1" width="1" style="display: none" alt="" src="https://px.ads.linkedin.com/collect/?pid=1098858&amp;fmt=gif">

FortiBleed Campaign Linked to Inc and Lynx Ransomware Gangs

FortiBleed campaign hits 12,000+ Fortinet devices, linked with ransomware gangs, exploiting Nextcloud zero-day. Urgent security alert.
Content Team

The threat actors behind FortiBleed — a massive credential-harvesting campaign targeting Fortinet FortiGate firewalls — are now confirmed working with Inc Ransom and Lynx ransomware gangs. SOCRadar researchers caught a single operator logged into both groups' ransom negotiation panels while using infrastructure tied directly to FortiBleed.

The campaign has compromised roughly 12,000 active FortiGate devices, with credentials stolen from over 30,000. Of 409 targets where attackers gained admin access, 354 saw the full attack chain executed — VPN breach, domain controller access, domain admin. At least 12 ransomware deployments have been confirmed. SOCRadar also flagged an unpatched Nextcloud zero-day being actively exploited by the same group.

Source: Dark Reading

Share this article
Share on facebook Share on linkedin Share on twitter Share on email
blog_book_a_demo_cta_3x
Have questions about protecting your software?
Our escrow experts are standing by to help.
Book a free demo