Mora_001 uses Fortinet flaws for SuperBlack ransomware

bleepingcomputer.com

A new ransomware group called 'Mora_001' is using two Fortinet vulnerabilities to access firewall systems and deploy a ransomware called SuperBlack. The vulnerabilities, CVE-2024-55591 and CVE-2025-24472, were disclosed by Fortinet earlier this year. Fortinet initially reported CVE-2024-55591 as exploited since November 2024. However, they later clarified that CVE-2025-24472 had not been exploited until Forescout researchers identified SuperBlack attacks in January 2025, leading Fortinet to update their advisory. Forescout found that SuperBlack shares similarities with LockBit ransomware, including a common encryption method and links to LockBit's operations. The attacks involve gaining admin privileges, stealing data, and encrypting files, followed by deploying a wiper tool to erase evidence.


With a significance score of 3.5, this news ranks in the top 13% of today's 16843 analyzed articles.

Get summaries of news with significance over 5.5 (usually ~10 stories per week). Read by 9000 minimalists.


loading...