FortiBleed Campaign Linked to INC, Lynx Ransomware Attacks

FortiBleed is a large-scale credential-harvesting campaign that targeted FortiGate firewalls in 150 countries and led to ransomware deployment in some incidents. SOCRadar linked the stolen credentials to INC Ransom and Lynx activity, showing how the operation fed directly into follow-on intrusions and encryption attacks. #FortiBleed #FortiGate #INC_Ransom #Lynx

Key points

  • FortiBleed targeted more than 430,000 FortiGate firewalls worldwide.
  • The attackers used FortigateSniffer to capture traffic and steal cleartext credentials and password hashes.
  • SOCRadar estimates more than 110 million credentials were compromised.
  • The campaign gained administrative access on 409 targets and completed full intrusions on 354.
  • Stolen access was later used to deploy INC Ransom and Lynx on affected organizations.

Read More: https://www.securityweek.com/fortibleed-campaign-linked-to-inc-lynx-ransomware-attacks/