FortiBleed Credential Theft Linked to INC and Lynx Ransomware Operations

Summary

The FortiBleed campaign, which steals credentials from FortiGate devices, has been linked to the INC and Lynx ransomware operations. Stolen credentials are being used for further intrusions and ransomware deployment.

IFF Assessment

FOE

This article details a credential theft operation that directly fuels ransomware attacks, representing a significant threat to defenders.

Defender Context

Defenders should be aware of the FortiBleed campaign's capabilities and its association with active ransomware groups. The link underscores the importance of securing network edge devices such as FortiGate devices and of monitoring for signs of credential compromise, because stolen credentials can lead to further network intrusion and significant damage.
