Ransomware Rampage: SuperBlack Exploits Fortinet Flaws Faster Than You Can Say “Patch”

The SuperBlack ransomware operators exploited vulnerabilities in Fortinet firewalls, giving them super-admin access and rapid control. Mora_001, the threat actor behind the attacks, displays a unique operational signature yet hints at a LockBit connection. With a swift attack strategy and modified ransomware, the group highlights the escalating complexity of ransomware operations today.

Hot Take:

Looks like Mora_001 is taking their Fortinet hacking skills to the next level, but not without a few identity issues. Are they LockBit’s rebellious cousin or just phishing for compliments? Either way, their “SuperBlack” brand of ransomware sure knows how to make an entrance—and an exit, thanks to their trusty WipeBlack wiper! Maybe it’s time Fortinet considered inviting them to their next patch party.

Key Points:

  • SuperBlack ransomware operators exploited vulnerabilities in Fortinet firewalls to launch attacks.
  • The threat actor, Mora_001, is suspected to be linked to the LockBit ecosystem but acts independently.
  • The operators exploited Fortinet vulnerabilities CVE-2024-55591 and CVE-2025-24472 to gain super-admin privileges.
  • Mora_001 used modified versions of the LockBit builder and implemented distinct operational tactics.
  • SuperBlack ransomware includes a wiper component, WipeBlack, to erase traces of its activities.
