
FortiBleed: Stolen Fortinet Credentials Linked to Lynx Ransomware

Bottom line: Stolen Fortinet credentials from FortiBleed are demonstrably being used by ransomware groups for network intrusions.

Security researchers have connected the extensive FortiBleed campaign, which stole Fortinet login credentials, to ransomware operations INC and Lynx. This suggests that the stolen credentials were intended for future network intrusions.

The FortiBleed campaign has extracted massive volumes of Fortinet access credentials. Security research now shows a direct connection between these stolen credentials and ransomware groups INC and Lynx, which appear to be leveraging these credentials as entry points for targeted network intrusions.

For a CISO, this represents a significant risk: the compromised Fortinet credentials potentially give attackers direct access to network perimeter defences and VPN infrastructure. Such access often bypasses established authentication and detection mechanisms, giving ransomware operators a fast way into the network.

Organizations should immediately review their Fortinet environments, particularly if systems with publicly accessible interfaces could be affected. Password resets, examination of access logs, and intensified network monitoring are critical first steps.


Source: www.bleepingcomputer.com · Published 1 July 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.2.
