    FortiBleed Campaign Linked to INC, Lynx Ransomware Attacks

    By The Tech Guy, July 2, 2026

    FortiBleed, the large-scale credential-harvesting operation targeting organizations in 150 countries, has led to the deployment of INC Ransom and Lynx ransomware families, SOCRadar reports.

    Uncovered in mid-June, FortiBleed has been targeting over 430,000 FortiGate firewalls for the deployment of a network sniffer dubbed FortigateSniffer to capture the traffic passing through them and extract cleartext credentials and password hashes for future compromise.

    The campaign is likely mounted by a Russian initial access broker aiming to gain access to Active Directory domains, steal sensitive information, and establish persistent access.

    FortiBleed has been ongoing since at least February, and the attackers are estimated to have compromised over 110 million credentials.

    Now, SOCRadar says it has observed scanning activity against roughly 11,250 FortiGate portals and that the attackers gained administrative access on 409 targets.

    The threat actor was observed completing the full attack chain on 354 targets, including compromising VPNs, accessing the domain controller, and gaining domain admin privileges.

    Of these, 12 incidents have resulted in ransomware deployment, with “hundreds of endpoints encrypted across affected organizations,” SOCRadar says.

    An operational security error by the attackers provided the cybersecurity company with visibility into their environment and with access to internal files, logs, and documentation.

    SOCRadar observed an operator logged into both the INC Ransom and Lynx ransomware negotiation panels, as well as overlaps between FortiBleed victims and INC targets, confirming that the same organizations were targeted in both operations.

    “Finding a single operator working both panels, using infrastructure traceable back to FortiBleed, is the clearest evidence yet that FortiGate credentials harvested through this campaign are being handed off, or used directly, for ransomware deployment,” SOCRadar notes.

    Analysis of an internal tracking document associated with FortiBleed suggests that the operation involves roughly 20 individuals, with some focused on high-impact intrusions and others providing technical support.

    “FortiBleed isn’t an isolated credential-theft operation sitting off to the side of the ransomware economy; it’s feeding directly into it. The same access broker infrastructure that quietly intercepted authentication traffic across hundreds of thousands of firewalls is connected, through a shared operator, to two of the more active ransomware brands operating today,” SOCRadar notes.

    INC Ransom emerged in mid-2023 and has been one of the most prolific ransomware-as-a-service (RaaS) operations. Lynx was likely released as an updated variant a year later.
