Fortinet

A ransomware operator named 'Mora_001' compromised Fortinet firewall appliances by exploiting two vulnerabilities (CVE-2024-55591 and CVE-2025-24472) to gain unauthorized access. These flaws allowed the attacker to gain 'super_admin' privileges, create new admin accounts, and execute a ransomware strain known as SuperBlack. The attacker used double extortion tactics, stealing data before encrypting files, and targeted critical servers and domain controllers. Additionally, a wiper called 'WipeBlack' was deployed to hinder forensic analysis. This incident exposed the company's clients to data leaks and financial consequences, and revealed potential ties to the larger LockBit ransomware operation.

Source: https://www.bleepingcomputer.com/news/security/new-superblack-ransomware-exploits-fortinet-auth-bypass-flaws/

"id": "for252031325",
"linkid": "fortinet",
"type": "Ransomware",
"date": "3/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"