FortiBleed Campaign Linked to INC, Lynx Ransomware Attacks

Summary

Credentials harvested from hundreds of thousands of FortiGate firewalls through a campaign dubbed "FortiBleed" are being actively used by the INC and Lynx ransomware operations to facilitate their attacks. This points to a widespread compromise of FortiGate devices that is feeding further malicious activity.

IFF Assessment

FOE

The article describes an ongoing campaign leveraging compromised FortiGate firewall credentials to launch ransomware attacks, which is negative news for defenders.

Defender Context

Defenders must prioritize the security of their network perimeter devices, such as FortiGate firewalls, by implementing robust patching policies, strong unique credentials, and multi-factor authentication. Organizations should investigate any potential exposure to the "FortiBleed" campaign and monitor for indicators of compromise associated with the INC and Lynx ransomware groups, in order to prevent or mitigate attacks that leverage the stolen credentials.