FortiBleed Credentials Linked to Ransomware Attacks

FortiBleed campaign linked to INC and Lynx ransomware, deploys malware after credential theft.

  • Credential theft campaign FortiBleed is now linked to INC and Lynx ransomware operations, with stolen data used for follow-on attacks.
  • Threat actors targeted ~11,250 FortiGate portals and gained admin access to 409; ransomware was deployed against at least 12 organizations, encrypting hundreds of endpoints.
  • The operation is run by a Russian-speaking group of about 20 people and has also potentially exploited a zero-day in Nextcloud.
  • Separately, attackers are exploiting a Fortinet flaw (CVE-2026-35616) to deploy EKZ Stealer against energy sector targets.

A recently exposed cyber-espionage campaign, first discovered in mid-2026, has been definitively linked to ransomware syndicates, directly connecting mass credential theft to cyber extortion. Dubbed FortiBleed, this financially motivated operation targeted hundreds of thousands of Fortinet devices worldwide to harvest over 110 million credentials for follow-on intrusions.

SOCRadar said an operator tied to the campaign’s infrastructure was found actively working negotiation panels for both the INC and Lynx ransomware groups. Threat actors scanned approximately 11,250 FortiGate portals and confirmed admin-level access on 409 targets, successfully completing the attack chain on 354 of them.

This access resulted in at least 12 ransomware deployments, which encrypted hundreds of endpoints across affected organizations. The large-scale operation involved deploying custom packet sniffers on compromised devices to passively gather authentication data from network traffic.

Tooling and logs indicate the activity is the work of a Russian-speaking threat actor operating as an initial access broker. An internal document suggests it is an organized operation comprising about 20 people with a clear division of labor: “A small core of lead operators drives most high-impact intrusions, backed by specialists and support staff.”

Furthermore, the threat actors are believed to be in possession of at least one zero-day vulnerability in Nextcloud. Meanwhile, eSentire observed separate actors exploiting a flaw in Fortinet FortiClient EMS (CVE-2026-35616) to deploy EKZ Stealer against a customer in the energy sector.
