LockBit targets Fortinet firewall vulnerabilities for attacks

Cybersecurity experts report that the LockBit ransomware group is targeting vulnerabilities in Fortinet firewalls. Two specific flaws, identified as CVE-2024-55591 and CVE-2025-24472, have been exploited to deploy a new variant of ransomware named SuperBlack. These vulnerabilities were fixed in January 2025, making it crucial for users to update their systems immediately to prevent attacks. Researchers from Forescout have observed that a group named "Mora_001" is behind these attacks. They suspect this group might be affiliated with LockBit due to similarities in their methods. The SuperBlack strain appears to be related to features from previous LockBit versions, particularly LockBit 3.0. Notable evidence includes the use of the same ransom note address in both attacks. Forescout has confirmed at least three victims of these ransomware attacks but indicates there may be more yet to be discovered. LockBit has been a significant threat in the ransomware landscape. Last year, the FBI disrupted its operations, seizing important resources and decryption keys, which led to a decline in the group's effectiveness. Despite this setback, it seems some former LockBit affiliates have joined other ransomware groups following the FBI's crackdown. The ongoing targeting of Fortinet vulnerabilities highlights the importance of maintaining updated security to defend against evolving cyber threats.