The SuperBlack ransomware, a modified LockBit 3.0 variant, is deployed by the Mora_001 threat actor using a double extortion strategy to steal and encrypt sensitive data. They exploit Fortinet vulnerabilities (CVE-2025-24472 & CVE-2024-55591) for initial access, escalating privileges by creating super_admin accounts. Persistence is maintained through HA configuration manipulation, while VPN brute-force attacks enable lateral movement. With FortiGate devices at risk globally, organizations must urgently patch vulnerabilities and enhance security measures.
What’s new on HivePro
Get through updates and upcoming events, and more directly in your inbox