Hackers are exploiting Fortinet firewall bugs to plant ransomware | TechCrunch
Briefly

Security researchers have discovered that hackers associated with the LockBit syndicate are utilizing vulnerabilities in Fortinet firewalls to deploy a custom ransomware termed "SuperBlack". Two specific vulnerabilities, CVE-2024-55591 and CVE-2025-24472, have been linked to these attacks, with Fortinet having released patches earlier this year. Notably, the attacks focus on encrypting sensitive data after exfiltration, which reflects a broader trend among ransomware operators. The group, referred to as Mora_001, displays similarities to LockBit, highlighting a possible connection between them.
Forescout's Sai Molige noted that the attackers used the exploits to selectively encrypt sensitive data after exfiltrating it, reflecting a shift in ransomware tactics toward data theft.
According to Forescout, the attack exploits the Fortinet vulnerabilities CVE-2024-55591 and CVE-2025-24472, indicating a serious threat to companies relying on these firewalls.