FortiBleed IAB Collaboration with Inc and Lynx Ransomware Gangs
Key Questions
What ransomware groups is FortiBleed linked to?
FortiBleed has been directly linked to Inc and Lynx ransomware operations, with evidence of operator activity in ransom panels and at least 12 confirmed deployments. The group is also exploiting a Nextcloud zero-day.
How many devices has FortiBleed compromised?
The initial access broker has sniffed 19,000 devices and fully compromised 354. This marks an escalation from credential harvesting to full ransomware attacks.
What is the market impact of FortiBleed's activities?
The collaboration increases risk for Fortinet users and validates the IAB-to-ransomware pipeline as a key concern. It highlights growing supply chain and zero-day exploitation trends among ransomware groups.
The FortiBleed initial access broker is now directly linked to the Inc and Lynx ransomware operations, with evidence of operator activity in ransom panels and at least 12 confirmed ransomware deployments. It is also exploiting a Nextcloud zero-day. So far, 19,000 devices have been sniffed and 354 fully compromised. This escalates the threat from credential harvesting to full ransomware attacks. Market signal: increased risk for Fortinet users, and validation of the IAB-to-ransomware pipeline as a key market concern.