New SuperBlack ransomware exploits Fortinet auth bypass flaws

Summary: A new ransomware group named ‘Mora_001’ is leveraging Fortinet vulnerabilities CVE-2024-55591 and CVE-2025-24472 to compromise firewall appliances and deploy their ransomware variant known as SuperBlack. This group utilizes a structured attack strategy, gaining high-level privileges and executing double extortion tactics. There are indications that SuperBlack is connected to LockBit operations through several shared methods and tools.

Affected: Fortinet firewall appliances

Key points:

  • Mora_001 exploits Fortinet’s vulnerabilities to gain unauthorized access and deploy SuperBlack ransomware.
  • The attack process involves gaining ‘super_admin’ privileges, creating administrator accounts, and executing lateral movement within the network.
  • SuperBlack shows evident connections to LockBit: similar encryption methods, ransom negotiation channels, and overlapping IP addresses.

Source: https://www.bleepingcomputer.com/news/security/new-superblack-ransomware-exploits-fortinet-auth-bypass-flaws/