Ctrl+Alt+Oops: FortiBleed criminal's logins stitch two gangs together


Researchers scoured logs, finding opsec fail for at least one person who was working with INC and Lynx simultaneously

Security sleuths say last month’s FortiBleed campaign is tied to two separate ransomware groups, after they found evidence of one initial access broker group member logged in to two affiliate panels.

SOC Radar’s Threat Research Unit (STRU) said at least one of the initial access broker (IAB) group’s 20 members was also actively negotiating with victims, which it believes signals a direct link between the thousands of FortiBleed victims and the ransomware ecosystem.

STRU spent weeks mapping FortiBleed’s infrastructure across hundreds of servers after the attack was disclosed. An opsec failure on one of those servers gave the team visibility into the IAB group’s internal files and logs, which revealed that one individual was logged into the affiliate panels of both the INC Ransom and Lynx ransomware groups at the same time.

“Finding a single operator working...

Copyright of this story solely belongs to theregister.com.