FortiBleed Credential Theft Linked to INC and Lynx Ransomware Operations
Summary
The FortiBleed campaign, which steals credentials from FortiGate devices, has been linked to the INC and Lynx ransomware operations. Stolen credentials are being used for further intrusions and ransomware deployment.
IFF Assessment
FOE
This article details a credential theft operation that directly fuels ransomware attacks, representing a significant threat to defenders.
Defender Context
Defenders should be aware of the FortiBleed campaign's capabilities and its association with active ransomware groups. That association highlights the importance of securing network edge devices such as FortiGates and monitoring for signs of credential compromise, because stolen credentials can lead to further network intrusion and significant damage.