Fortinet Users Are The Target Of An Actor Associated With LockBit Ransomware.

Three actors have been deploying super black ransomware since January by taking advantage of two Fortinet vulnerabilities identified as CVE-2024-5591 and CVE-2025-24472. According to researchers at forescout Research-Vedere Labs, the threat actor known as " Mora_001 " is thought to be behind the attacks that make use of Russian Language artifacts and other traits. Mora_001 is gaining super administrator access to susceptible Fortinet products by taking use of the two flaws in FortiOS and FortiProxy.

The researchers pointed out that because of it's operation signature, the threat actor might be connected to the LockBit ecosystem. Mora_001's similar Post Exploitation habits, ransomware Customisation, and ransom note which has identical TOX ID that LockBit uses all point to it's connections to ongoing ransomware outfit Look it is among the World's most lucrative cybercrime groups. When the group's own leak site was used to make public arrests made in several countries, details about the threat actors, and it's decryption keys, Worldwide Law enforcement disrupted the group in February 2024.

Since then, the ransomware gang has been quite active. In June 2024, one of it's freelance hackers was jailed for helping the group, while in late 2024, operation Cronos resulted in the arrest of four more group members and the seizure of their devices. This past December, one of it's developers was also detained in Israel for his involvement in the creation of the ransomware and other technologies that it's affiliates employed. Given that the US has the most exposed FortiGate firewalls, followed by India and Brazil, forescout researchers are new strongly advitising enterprises to take precautions against this threat actors.

" To mitigate these threats, organizations must adopt a defense indepth approach by properly segmenting networks and implement layered security controls that can limit attackers' ability to achieve their objectives," the investigators stated. To stop vulnerabilities from being exploited, Fortinet Users should patch susceptible systems, limit management access, audit administrator accounts, check automation settings, check VPN users, and enable thorough logging.