www.darkreading.com 7/2/2026, 8:12:18 PM · external

FortiBleed breach fuels ransomware risk for Inc and Lynx gangs

FortiBleed credential harvesting campaign fuels ransomware attacks
CyberSIXT Evidence Panel
Primary Source: socradar.io
Threat Actor: Inc

The article discusses the collaboration between the FortiBleed actors and the ransomware gangs Inc and Lynx. Following a credential-harvesting operation involving thousands of Fortinet firewalls, the attackers are now leveraging this access for ransomware deployment. Research by SOCRadar indicates that credentials from FortiBleed are being used by the ransomware groups, creating a significant threat for victims. The FortiBleed campaign has compromised about 12,000 devices while targeting 430,000 FortiGate units globally.

Additionally, the attackers are exploiting a zero-day vulnerability in Nextcloud to enhance their access. Although widespread ransomware attacks have yet to be verified directly from FortiBleed compromises, there is a serious risk of pre-ransomware intrusions due to the compromised devices.


Article by CyberSIXT
