
Fortinet Exploits: Qilin Ransomware Attacks

June 7, 2025 Catherine Williams Tech
News Context
At a glance
  • The Qilin ransomware operation, also known as Phantom Mantis, has added attacks exploiting Fortinet vulnerabilities to its arsenal.
  • Qilin surfaced in August 2022 as a Ransomware-as-a-Service (RaaS) operation.
  • PRODAFT, a threat intelligence firm, discovered the new, partially automated Qilin ransomware attacks targeting Fortinet flaws.
Original source: bleepingcomputer.com

The Qilin ransomware group is actively exploiting Fortinet flaws, delivering a potent threat to networks worldwide. Attackers are leveraging authentication bypass and remote code execution vulnerabilities, primarily targeting organizations in Spanish-speaking countries. This marks a significant escalation in cyberattacks, with victims including major organizations and even NHS hospitals, severely disrupting services. News Directory 3 reports on the new, partially automated campaigns and the zero-day exploits. With the threat landscape constantly evolving, and considering the past zero-day use of Fortinet vulnerabilities, what defensive measures can you take to safeguard your systems? Discover what’s next as the attacks widen.


Qilin Ransomware Exploits Fortinet Flaws in Attacks

Key Points

  • Qilin ransomware now targets Fortinet vulnerabilities.
  • Attacks exploit authentication bypass and remote code execution flaws.
  • Spanish-speaking countries are primary targets.
  • Victims include major organizations and NHS hospitals.

Updated June 07, 2025

The Qilin ransomware operation, also known as Phantom Mantis, has added attacks exploiting Fortinet vulnerabilities to its arsenal. These flaws allow attackers to bypass authentication and remotely execute malicious code on vulnerable devices.

Qilin surfaced in August 2022 as a Ransomware-as-a-Service (RaaS) operation. It has since claimed over 310 victims on its dark web leak site. The group’s targets have included automotive giant Yangfeng, publishing house Lee Enterprises, Australia’s Court Services Victoria, and Synnovis, a pathology services provider. The attack on Synnovis disrupted several major NHS hospitals in London, leading to the cancellation of hundreds of appointments and operations.

PRODAFT, a threat intelligence firm, discovered the new, partially automated Qilin ransomware attacks targeting Fortinet flaws. The firm noted that the threat actors are focusing on organizations in Spanish-speaking countries. However, it anticipates the campaign will expand globally.

“Phantom Mantis recently launched a coordinated intrusion campaign targeting multiple organizations between May and June 2025,” PRODAFT said in a flash alert. “We assess with moderate confidence that initial access is being achieved by exploiting several FortiGate vulnerabilities, including CVE-2024-21762, CVE-2024-55591, and others.”

According to PRODAFT, the group selects targets opportunistically, rather than following strict geographical or sector-based patterns, despite the focus on Spanish-speaking countries.

PRODAFT’s analysis of Qilin ransomware attacks targeting Fortinet vulnerabilities.

CVE-2024-55591, one of the exploited flaws, was previously used as a zero-day by other threat groups to breach FortiGate firewalls as early as November 2024. The Mora_001 ransomware operator also used it to deploy the SuperBlack ransomware, which is linked to the LockBit cybercrime gang.

CVE-2024-21762, another Fortinet vulnerability exploited by Qilin, was patched in February. CISA added it to its catalog of actively exploited security flaws, ordering federal agencies to secure their FortiOS and FortiProxy devices by Feb. 16.

The Shadowserver Foundation reported nearly 150,000 devices remained vulnerable to CVE-2024-21762 attacks almost a month later.

Fortinet security vulnerabilities are often exploited in cyber espionage campaigns and ransomware attacks. In February, Fortinet disclosed that the Chinese Volt Typhoon hacking group used two FortiOS SSL VPN flaws (CVE-2022-42475 and CVE-2023-27997) to deploy the Coathanger custom remote access trojan (RAT) malware. This malware had previously been used to backdoor a Dutch Ministry of Defence military network.

What’s next

Organizations using Fortinet products should apply the latest patches and monitor their systems for suspicious activity to mitigate the risk of Qilin ransomware attacks. Vigilance and proactive security measures are crucial to defend against evolving cyber threats.
