Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?
Mora_001 Strikes: Fortinet Vulnerabilities Exploited in SuperBlack Ransomware Attack Spree
Mora_001 ransomware is exploiting Fortinet vulnerabilities to deploy SuperBlack ransomware. The attack chain includes gaining ‘super_admin’ privileges and creating admin accounts. While SuperBlack operates independently, evidence links it to LockBit ransomware through shared tools, payload structure, and IP addresses. Fortinet’s vulnerabilities CVE-2024-55591 and CVE-2025-24472 are central to these breaches.
Hot Take:
Looks like Mora_001 is the newest kid on the block, and they’re already the talk of the town! With a penchant for exploiting Fortinet’s vulnerabilities, it’s safe to say they’re not on Santa’s “nice” list this year. Let’s hope Fortinet and friends can patch things up before SuperBlack becomes the new black in the ransomware fashion scene.
Key Points:
- Mora_001 is exploiting two Fortinet vulnerabilities (CVE-2024-55591 and CVE-2025-24472) to deploy SuperBlack ransomware.
- SuperBlack ransomware attacks follow a structured attack chain, involving credential theft and double extortion.
- There are strong links between SuperBlack and the notorious LockBit ransomware operation.
- Forescout researchers identified SuperBlack attacks, leading to Fortinet updating their advisory.
- Custom-built wiper, WipeBlack, is used to erase traces of the ransomware post-attack.
Already a member? Log in here