Dear All,
A new ransomware operator named 'Mora_001' is exploiting two Fortinet vulnerabilities to gain unauthorized access to firewall appliances and deploy a custom ransomware strain dubbed SuperBlack.
The two vulnerabilities, both authentication bypasses, are CVE-2024-55591 and CVE-2025-24472, which Fortinet disclosed in January and February, respectively.
https://www-bleepingcomputer-com.cdn.ampproject.org/c/s/www.bleepingcomputer.com/news/security/new-s...
https://www.bleepingcomputer.com/news/security/fortinet-discloses-second-firewall-auth-bypass-patche...
https://fortiguard.fortinet.com/psirt/FG-IR-24-535
https://www.forescout.com/blog/new-ransomware-operator-exploits-fortinet-vulnerability-duo/
Kyaw Myo Oo
Information Security Program Manager , CB BANK PCL
CCIE #58769 | CISSP | PMP | CCSM | SAA-C03 | PCNSE