Researchers have linked the FortiBleed campaign to INC and Lynx ransomware operations while also examining whether a suspected zero-day vulnerability played a role.
A credential-harvesting campaign tied to FortiGate devices shows how edge access can be repurposed into a ransomware foothold, even without a flashy new exploit.
A credential-theft campaign around FortiGate devices has been linked to INC and Lynx activity, underscoring how edge access can be repurposed for extortion.
A Fortinet credential-harvesting campaign known as FortiBleed highlights how stolen perimeter access can matter more than a new exploit.
The real warning in this campaign is not the ransomware label itself, but the mix of trusted binaries, remote management software, and cloud transfer tools that can make theft look like routine administration.
INC’s latest pressure play combines encryption, stolen data, and printer-delivered ransom notes, showing how extortion now reaches beyond malware into internal communications.
INC’s growth highlights a hard truth in cybercrime: when one ransomware brand is disrupted, affiliates do not vanish; they often move.