Intel Name: New ransomware operator exploits fortinet vulnerability duo
Date of Scan: March 18, 2025
Impact: High
Summary:
A new ransomware operator, Mora_001, has been exploiting two Fortinet vulnerabilities, particularly targeting Fortigate firewall appliances, to deploy a ransomware strain named SuperBlack. Mora_001 is linked to the LockBit ransomware ecosystem and uses a combination of opportunistic attack methods. This operator’s tactics, techniques, and procedures (TTPs) highlight the increasing complexity of modern ransomware, where different teams collaborate to enhance their attack capabilities. The report outlines detection and mitigation strategies and emphasizes the evolving nature of these threats.
