Researchers report that the FortiBleed campaign, a financially motivated effort focused on stealing credentials from Fortinet FortiGate devices, is linked to the INC and Lynx ransomware operations. Across coverage, investigators describe FortiBleed as harvesting large volumes of verified login information from “hundreds of thousands” of exposed or compromised FortiGate firewalls. The stolen credentials are said to be actively used as part of follow-on access, rather than remaining only as standalone data theft. Security analysts also point to operational connections between FortiBleed infrastructure and the ransomware groups, including findings that an operator associated with the campaign is involved in activity tied to both INC and Lynx. This connection suggests the credentials support later intrusion steps, enabling attackers to access internal networks, expand privileges, or reach systems needed for ransomware deployment. The reporting emphasizes that the campaign’s scale and the verification of credentials make it valuable for subsequent attacks, while the attributed links indicate coordination or shared infrastructure between the credential-theft activity and ransomware operations.
FortiBleed campaign linked to INC and Lynx ransomware operations
- Researchers say FortiBleed steals verified credentials from Fortinet FortiGate firewalls.
- Reported victims number in the hundreds of thousands of FortiGate devices.
- Coverage links FortiBleed infrastructure to the INC ransomware operation.
- Coverage also links FortiBleed activity to the Lynx ransomware operation.
- The stolen credentials are described as being used to enable follow-on intrusions and ransomware attacks.
Researchers say credentials harvested from hundreds of thousands of FortiGate firewalls are being used to facilitate ransomware attacks by the INC and Lynx operations. The post FortiBleed Campaign Linked to INC, Lynx Ransomware Attacks appeared first on SecurityWeek.
2 hours ago
The recently discovered financially-motivated FortiBleed campaign has been attributed to INC and Lynx ransomware operations, indicating that the verified, stolen credentials were intended for follow-on intrusions. "An operator tied to FortiBleed's infrastructure was found actively working negotiation panels for both groups, tying mass FortiGate credential theft directly to ransomware deployment
6 hours ago
The massive FortiBleed credential theft campaign has been linked to the INC and Lynx ransomware operations, suggesting the stolen Fortinet credentials were intended to fuel future network intrusions. [...]
17 hours ago