
Qilin Leads in Exploiting Unpatched Fortinet Vulnerabilities


The Qilin group has surged to prominence by aggressively exploiting critical vulnerabilities in Fortinet devices, underscoring a broader trend of sophisticated cyber extortion tactics targeting data-dependent sectors.

Global ransomware victims dropped to 463, a 15% decline from May’s 545, yet the intensity of attacks remained high, with Qilin claiming 81 victims through opportunistic intrusions leveraging unpatched FortiGate and FortiProxy systems.

Specifically, Qilin weaponized CVE-2024-21762 and CVE-2024-55591 for authentication bypass and remote code execution, enabling partially automated payload deployment.

This Ransomware-as-a-Service (RaaS) operation, which has claimed over 310 victims since its emergence, has integrated zero-day exploits into its arsenal, focusing on perimeter devices to compromise enterprises in Spanish-speaking regions and beyond.

The group’s evolution includes psychological coercion via a “Call Lawyer” feature in its affiliate panel, simulating legal threats to accelerate ransom payments, alongside advanced capabilities like Rust and C-based payloads, Safe Mode execution, and network propagation.

Introduce Stealthy and ...


Copyright of this story solely belongs to gbhackers.