Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?
SuperBlack Strikes: Russian Hackers Exploit Fortinet Flaws for Ransomware Mayhem!
Russian threat actor Mora_001 strikes again, exploiting Fortinet firewall vulnerabilities to unleash its SuperBlack ransomware. Forescout warns that Mora_001 is no amateur, showing ties to seasoned ransomware gangs and using a leaked LockBit builder. With a penchant for wreaking havoc, they’ve crafted a unique operational signature targeting high-value assets.
Hot Take:
Move over, Hollywood blockbuster villains, because Mora_001 is here to show us how to steal the spotlight with a captivating blend of espionage, tech wizardry, and a touch of digital drama. Who needs CGI when you have Fortinet vulnerabilities and a penchant for ransomware?
Key Points:
- Mora_001 is exploiting Fortinet firewall vulnerabilities to deploy ransomware dubbed SuperBlack.
- The group has co-opted the LockBit builder to develop their ransomware variant and has ties to known ransomware gangs.
- Exploits involve creating multiple admin accounts and downloading critical configuration files.
- Targets include high-value environments with a focus on data exfiltration before ransomware execution.
- SuperBlack ransomware drops a modified ransom note and employs a wiper named WipeBlack.
Already a member? Log in here