Security Experts Identify New LockBit Variant in Active Attacks

A potential affiliate has exploited two Fortinet vulnerabilities for deployment.
This variant shares several similarities with LockBit 3.0.
Cybersecurity specialists have issued alerts regarding a new strain of ransomware, linked to LockBit affiliates, which is currently targeting organizations by exploiting security weaknesses in Fortinet systems.
Researchers from Forescout have discovered that the threat actor is taking advantage of two known vulnerabilities within Fortinet firewalls, designated as CVE-2024-55591 and CVE-2025-24472. These vulnerabilities have previously been reported and were addressed with security patches in January 2025. Keeping Fortinet firewalls updated is the most effective defense against such threats.
Confirmed Victims
Forescout has identified the group behind these attacks as “Mora_001.” The overlap of its tactics, techniques, and procedures (TTPs) with those of LockBit indicates a strong possibility that this group operates as a LockBit affiliate.
Reports suggest that the SuperBlack ransomware variant is constructed using a leaked builder associated with earlier LockBit 3.0 incidents. Additionally, the ransom notes of both SuperBlack and LockBit direct victims to the same communication method.
In an interview with TechCrunch, Sai Molige, a senior manager of threat hunting at Forescout, confirmed at least three documented attack cases, while also noting the potential for additional, undisclosed incidents.
LockBit has historically been one of the most impactful ransomware entities. However, following a significant crackdown by the FBI in late February 2024, the group faced considerable setbacks. Authorities managed to seize its website and the associated data, obtaining thousands of decryption keys in the process.
Information concerning LockBit’s affiliates—estimated to total around 200 groups—was also acquired, and law enforcement urged these affiliates to come forward. Furthermore, in February of this year, the alleged bulletproof hosting service provider linked to LockBit received sanctions from both the United States and the United Kingdom.
Although LockBit managed to resume its operations approximately a week after the crackdown, it is speculated that many of its affiliates may have shifted their focus to other malicious groups, including RansomHub and Medusa.
Source: www.techradar.com