Ransomware cyber

Fortinet

Mar 22, 2025 1 min read
Fortinet

Fortinet experienced a targeted cyber attack wherein the SuperBlack ransomware operators exploited vulnerabilities in Fortinet firewalls. Leveraging the CVE-2024-55591 and CVE-2025-24472 vulnerabilities, attackers obtained super-admin access to Fortinet appliances, executing rapid deployment of the ransomware within 48 hours. Attackers established persistent access and prepared the ground for further intrusions by creating deceptive local VPN accounts and targeting high-value assets for data exfiltration before deploying the ransomware. The SuperBlack ransomware not only encrypts the data but includes a wiper component, WipeBlack, which eradicates traces of the ransomware activity post-encryption, complicating forensic and recovery efforts.

Source: https://securityaffairs.com/175402/cyber-crime/superblack-ransomware-exploited-fortinet-firewall-flaws.html

"id": "for001032225",
"linkid": "fortinet",
"type": "Ransomware",
"date": "3/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.