Fortinet firewall bugs are being targeted by LockBit ransomware hackers

Security pros spot a new LockBit variant in the wild
A potential affiliate abused two Fortinet flaws to deploy the encryptor
There are multiple overlaps with LockBit 3.0

LockBit affiliates are using vulnerable Fortinet endpoints to target businesses with an updated ransomware strain, experts have warned.

Cybersecurity researchers at Forescout found the threat actor is using two vulnerabilities in Fortinet firewalls, tracked as CVE-2024-55591, and CVE-2025-24472, to deploy an updated ransomware strain named SuperBlack.

Both vulnerabilities had been used in the past before, and both were patched in January 2025 – so the best way to defend against the attacks is to make sure your Fortinet firewalls are up to date.

At least three victims

Forescout named the group running the attacks “Mora_001”. Since there are some overlaps in its tactics, techniques, and procedures (TTP) with LockBit, the researchers believe the group could be a LockBit affiliate.

Apparently, SuperBlack is based on the builder that was used in LockBit 3.0 attacks, and which leaked in the past. Furthermore, the ransom note in both LockBit and Mora_001 attacks uses the same messaging address.

Speaking to TechCrunch, senior manager of threat hunting at Forescout, Sai Molige, said there were at least three confirmed cases, but added that “there could be others”.

LockBit was one of the most disruptive and influential ransomware groups around, however, in late February 2024, it was struck by the FBI, and it never fully recovered. The law enforcement seized its website, the data it held, and obtained “thousands” of decryption keys.

It also obtained information about its affiliates which, at the time, counted around 200 groups, and later urged the affiliates to come forward. In February this year, the bulletproof hosting service provider, allegedly used by LockBit, was sanctioned by the US and the UK.

LockBit took roughly a week to get back on its feet and resume operations, but it is possible that many of its affiliates pivoted to other groups, such as RansomHub or Medusa.

https://cdn.mos.cms.futurecdn.net/cJtFPyQYv7tobzbzvGKgSX-1200-80.jpg

Source link

Selling out: Samsung’s incredible Galaxy S25 Ultra deal is still up for grabs – get $300 off upfront or a $900 trade rebate

Exclusive: the new KontrolFreek Call of Duty Performance Thumbsticks Speed Cola Edition might be the coolest looking yet and come with a limited in-game...

Prime Video’s hit new historical drama will continue its reign for another season as House of David gets renewed

ExpressVPN ‘reduces workforce’ for the second time in two years

Ex-Israeli Intelligence Official: Shockwaves of Trump’s “Take Over Gaza” Heard, Felt Across Region

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

Which Celebrity Styles Americans Copy Most in 2025: New Study

New ‘Westworld’ trailer introduces us to another dystopian tech company

What’s the point of ‘Charlie’s Angels’ without Sam Rockwell dancing?

These striking photos capture the future of human flight

Trump’s tariffs and policies are putting America’s economy at risk: Consumer Technology Association CEO

David Novak to chair SpinCo board after Comcast spin-off

Europe targets Apple and Google in antitrust crackdown, risking fresh Trump tariff clash

Poland stocks lower at close of trade; WIG30 down 0.44%

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays

Fortinet firewall bugs are being targeted by LockBit ransomware hackers

Selling out: Samsung’s incredible Galaxy S25 Ultra deal is still up for grabs – get $300 off upfront or a $900 trade rebate

Trump’s tariffs and policies are putting America’s economy at risk: Consumer Technology Association CEO

Exclusive: the new KontrolFreek Call of Duty Performance Thumbsticks Speed Cola Edition might be the coolest looking yet and come with a limited in-game...

David Novak to chair SpinCo board after Comcast spin-off

Leave a reply Cancel reply