FortiBleed credential-theft campaign linked to Lynx ransomware

The FortiBleed campaign, which stole credentials from more than 73,000 Fortinet devices, has now been linked to the INC and Lynx ransomware operations. Investigators say the stolen Fortinet access data, traffic-sniffing tools, and exposed infrastructure were used to support broader intrusions and ransomware negotiations.

Key points

  • FortiBleed exposed credentials from more than 73,000 Fortinet devices.
  • The operation used a custom FortiGate Sniffer tool to capture VPN credentials.
  • SOCRadar linked the infrastructure to INC and Lynx ransomware groups.
  • Researchers found evidence of access to ransomware negotiation panels.
  • The campaign targeted over 430,000 FortiGate firewalls and used hundreds of servers.

Read More: https://www.bleepingcomputer.com/news/security/fortibleed-credential-theft-campaign-linked-to-lynx-ransomware/