FortiBleed Campaign Linked to INC, Lynx Ransomware Attacks
FortiBleed, the large-scale credential-harvesting operation targeting organizations in 150 countries, has led to the deployment of INC Ransom and Lynx ransomware families, SOCRadar reports.
Uncovered in mid-June, FortiBleed has targeted more than 430,000 FortiGate firewalls to deploy a network sniffer, dubbed FortigateSniffer, that captures the traffic passing through the device and extracts cleartext credentials and password hashes for use in later compromise.
The campaign is likely mounted by a Russian initial access broker aiming to gain access to Active Directory domains, steal sensitive information, and establish persistent access.
FortiBleed has been ongoing since at least February, and the attackers are estimated to have compromised over 110 million credentials.
Now, SOCRadar says it has observed scanning activity against roughly 11,250 FortiGate portals and that the attackers gained administrative access on 409 targets.
The threat actor was observed completing the full attack chain on 354 targets, including compromising VPNs, accessing the domain controller,...
Copyright of this story solely belongs to securityweek.com.