🟠 High  |  Source: The Register — Security


Security researchers analysing logs from the FortiBleed exploitation campaign have identified an operational security failure that links at least one individual to both the INC and Lynx ransomware gangs simultaneously. The discovery was made by tracing login artefacts that exposed overlapping activity between the two groups. This matters because it suggests tighter affiliations between ransomware-as-a-service operations than previously understood, with potential implications for attribution and threat intelligence.

Security Architect’s Take: Review your Fortinet VPN and firewall logs for indicators of compromise associated with both the INC and Lynx ransomware groups; a shared affiliate may have accessed your environment while your detections assumed only one threat actor was involved. Ensure your threat intelligence feeds and SIEM detection rules account for cross-gang affiliate overlap rather than treating each group in isolation.

Original advisory: Ctrl+Alt+Oops: FortiBleed criminal’s logins stitch two gangs together