A newly discovered ransomware group known as Mora_001 is carrying out cyberattacks by exploiting security weaknesses found in Fortinet’s firewall systems. The group is using a custom ransomware strain named SuperBlack to target organizations and lock their data for ransom.
The attackers are taking advantage of two security loopholes that allow them to bypass login protections on Fortinet devices. These issues, listed as CVE-2024-55591 and CVE-2025-24472, were made public by Fortinet earlier this year. Reports indicate that one of these vulnerabilities had been secretly exploited by attackers even before the company officially disclosed it.
Initially, Fortinet clarified that only one of the two bugs had been misused. However, a recent investigation suggests that the second vulnerability was also being exploited during the same period. Researchers from cybersecurity firm Forescout uncovered this while examining attacks that occurred in January and February 2025.
Step-by-Step Breakdown of the Attack
The cybercriminals begin their attack by finding exposed Fortinet firewall devices that haven’t been updated. They then use these security flaws to gain full control over the system.
Once inside, the attackers grant themselves the highest level of access, commonly known as ‘super admin’ rights. They either use web-based tools or direct network requests to make these changes.
After securing control, they create new administ
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.