Cyber Web Spider Blog – News

FortiBleed Campaign Fuels Global Ransomware Operations

Posted on July 2, 2026 By CWS

The FortiBleed campaign, a vast credential-stealing operation impacting organizations across 150 nations, has been linked to the deployment of INC Ransom and Lynx ransomware, according to a report from SOCRadar.

FortiBleed’s Global Impact

Initially discovered in June, FortiBleed has targeted more than 430,000 FortiGate firewalls. The attackers employ a network monitor known as FortigateSniffer to intercept traffic and capture plaintext credentials and password hashes, paving the way for further compromises.

The campaign is believed to be orchestrated by a Russian access broker. Their objective is to infiltrate Active Directory domains, exfiltrate confidential data, and maintain continuous access to compromised networks.

Scale and Scope of the Attack

Active since February, FortiBleed is estimated to have compromised over 110 million credentials. Recent observations by SOCRadar indicate scanning activities against around 11,250 FortiGate portals, with attackers securing administrative privileges on 409 instances.

The full attack sequence was completed on 354 targets, involving VPN breaches, domain controller access, and domain admin rights acquisition. Among these, 12 incidents culminated in ransomware deployment, encrypting numerous endpoints within affected entities.

Operational Insights and Future Threats

An operational security lapse by the attackers allowed SOCRadar to gain insight into their system, accessing internal files and logs. The firm identified an operator managing both the INC Ransom and Lynx ransomware negotiation platforms, linking FortiBleed victims to these ransomware attacks.

The discovery of a common operator using infrastructure traceable to FortiBleed confirms that harvested credentials are directly facilitating ransomware operations. Analysis suggests the involvement of about 20 individuals, with roles ranging from high-impact intrusions to technical support.

SOCRadar highlights that FortiBleed is not a standalone credential-theft campaign, but rather a critical component feeding into the broader ransomware ecosystem. The infrastructure that intercepted authentication data across numerous firewalls is connected to two prominent ransomware brands through shared operatives.

INC Ransom, which appeared in mid-2023, quickly became a leading ransomware-as-a-service platform, with Lynx emerging later as an enhanced version. As these threats evolve, organizations must remain vigilant and enhance their cybersecurity measures to mitigate potential risks.

Security Week News. Tags: Active Directory, credential harvesting, cyber threats, Cybercrime, Cybersecurity, FortiBleed, FortiGate firewalls, INC Ransom, Lynx ransomware, network security, Ransomware, ransomware-as-a-service, Russian hackers, SOCRadar

Copyright © 2026 Cyber Web Spider Blog – News.
