Summary: A new ransomware operation named Mora_001 is exploiting two vulnerabilities in Fortinet products linked to the LockBit group. The operation has led to the deployment of a ransomware strain called SuperBlack, which takes advantage of security weaknesses in Fortigate firewall appliances. Researchers warn that threat actors are targeting organizations that have not applied necessary patches to these vulnerabilities.
Affected: Fortinet products (specifically Fortigate firewall appliances)
Keypoints :
- Vulnerabilities CVE-2024-55591 and CVE-2025-24472 are exploited by Mora_001, a ransomware group associated with LockBit.
- The Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent patching directive for CVE-2024-55591.
- New ransomware strain ‘SuperBlack’ resembles LockBit 3.0 but features modified ransom notes and exfiltration methods.
- Many organizations remain vulnerable due to delayed patch application, increasing the threat from Mora_001.
Source: https://therecord.media/mora001-ransomware-gang-exploiting-vulnerability-lockbit