importantSYS.SOURCE: The Hacker News• 2026-07-02T13:30:49+05:30
FortiBleed Credential Theft Linked to INC and Lynx Ransomware Operations
#Credential Theft#Ransomware#Fortinet#INC/Lynx
A large-scale credential theft campaign targeting Fortinet devices, which gathered over 110 million credentials, was linked to the INC and Lynx ransomware operations. This activity involved threat actors using stolen credentials for subsequent intrusions and coordinating through shared infrastructure.
The recently discovered financially-motivated FortiBleed campaign has been attributed to INC and Lynx ransomware operations, indicating that the verified, stolen credentials were intended for follow-on intrusions.
"An operator tied to FortiBleed's infrastructure was found actively working negotiation panels for both groups, tying mass FortiGate credential theft directly to ransomware deployment
*** END OF TRANSMISSION ***