The article discusses the collaboration between FortiBleed actors and the ransomware gangs Inc and Lynx. Following a credential-harvesting operation involving thousands of Fortinet firewalls, the attackers are now leveraging this access for ransomware deployment. Research by SOCRadar indicates that credentials harvested in the FortiBleed campaign are being used by these ransomware groups, creating a significant threat for victims. The FortiBleed campaign has compromised about 12,000 devices while targeting 430,000 FortiGate units globally.
Additionally, the attackers are exploiting a zero-day vulnerability in Nextcloud to extend their access. Although widespread ransomware attacks stemming directly from FortiBleed compromises have yet to be verified, the compromised devices pose a serious risk of pre-ransomware intrusions.