FortiBleed Actors Collaborating With Inc, Lynx Ransomware Gangs
Summary
Threat actors are exploiting a Fortinet firewall vulnerability, dubbed FortiBleed, to gain access to thousands of devices. These actors are reportedly collaborating with ransomware gangs such as Inc and Lynx, and are also leveraging a zero-day vulnerability in Nextcloud to monetize their access.
IFF Assessment
This article describes threat actors exploiting vulnerabilities to gain unauthorized access and then monetizing that access, activity that is detrimental to cybersecurity defenders.
Defender Context
Defenders need to be aware of the FortiBleed vulnerability and ensure their Fortinet firewalls are patched. The collaboration between initial access brokers and ransomware gangs highlights a trend toward sophisticated monetization of exploited vulnerabilities, which calls for robust detection and response capabilities.