Source: The Register
FortiBleed Campaign Links Credential Theft to Ransomware Operations
The FortiBleed campaign has been linked to two ransomware groups, INC Ransom and Lynx, through an operational security lapse that revealed a single actor's simultaneous access to both groups' negotiation panels. The campaign targeted over 430,000 Fortinet firewalls and successfully harvested credentials from at least 30,000 devices. Researchers confirmed admin-level access on 409 targets, with ransomware deployed on 12 of those. The attackers exploited SSL VPN authentication hashes, using a 45-GPU cluster to crack them. The findings indicate that FortiBleed is not merely a credential theft operation but a precursor to ransomware attacks, significantly raising the stakes for organizations running FortiGate infrastructure.
Key Points:
• FortiBleed campaign linked to ransomware groups INC Ransom and Lynx.
• Over 430,000 Fortinet firewalls targeted, with credentials harvested from 30,000 devices.
• At least 12 ransomware deployments confirmed from FortiBleed access.