Hackers exploit Fortinet bugs to deploy ransomware
Hackers linked to the LockBit gang are exploiting two vulnerabilities in Fortinet firewalls to deploy ransomware called "SuperBlack." Security researchers from Forescout reported that the group, named Mora_001, has been active since December 2024. Fortinet released patches for these vulnerabilities in January. However, Mora_001 is still targeting companies that have not updated their systems. The attacks involve encrypting sensitive data after it has been stolen. Forescout noted that Mora_001 shows operational ties to LockBit, suggesting a possible connection or shared methods. The ransom notes used in these attacks resemble those from other ransomware groups.