Fortinet firewall bugs are being targeted by LockBit ransomware hackers

Two bugs are being exploited to drop a LockBit variant

TechRadar

News. By Sead Fadilpašić, published 18 March 2025


  • Security pros spot a new LockBit variant in the wild
  • A potential affiliate abused two Fortinet flaws to deploy the encryptor
  • There are multiple overlaps with LockBit 3.0

LockBit affiliates are using vulnerable Fortinet endpoints to target businesses with an updated ransomware strain, experts have warned.

Cybersecurity researchers at Forescout found that the threat actor is using two vulnerabilities in Fortinet firewalls, tracked as CVE-2024-55591 and CVE-2025-24472, to deploy an updated ransomware strain named SuperBlack.

Both vulnerabilities had been exploited in the past, and both were patched in January 2025, so the best way to defend against the attacks is to make sure your Fortinet firewalls are up to date.

At least three victims

Forescout named the group running the attacks “Mora_001”. Since its tactics, techniques, and procedures (TTPs) overlap in places with LockBit's, the researchers believe the group could be a LockBit affiliate.

SuperBlack is apparently based on the builder that was used in LockBit 3.0 attacks and that leaked in the past. Furthermore, the ransom notes in both LockBit and Mora_001 attacks use the same messaging address.

Speaking to TechCrunch, senior manager of threat hunting at Forescout, Sai Molige, said there were at least three confirmed cases, but added that “there could be others”.

LockBit was one of the most disruptive and influential ransomware groups around. However, in late February 2024, it was struck by the FBI, and it never fully recovered. Law enforcement seized its website and the data it held, and obtained “thousands” of decryption keys.
