Qilin Emerged as The Most Active Group, Exploiting Unpatched Fortinet Vulnerabilities - Cyber Security News

The group’s recent campaign has primarily leveraged critical vulnerabilities in Fortinet’s enterprise security appliances, specifically targeting CVE-2024-21762 and CVE-2024-55591 in unpatched FortiGate and FortiProxy devices. The researchers noted that Qilin’s approach differs significantly from traditional ransomware operations, incorporating zero-day exploits and leveraging widely deployed perimeter security devices as primary attack vectors. The scope of Qilin’s operations extends beyond conventional ransomware deployment, encompassing a comprehensive cybercrime ecosystem that includes spam distribution, DDoS attacks, petabyte-scale data storage capabilities, and even in-house journalists for psychological pressure campaigns. The ransomware landscape witnessed a dramatic shift in June 2025 as the Qilin ransomware group surged to become the most active threat actor, recording 81 victims and representing a staggering 47.3% increase in activity compared to previous months. The malware’s modular architecture allows for automated negotiation tools and psychological pressure tactics, including the recently introduced “Call Lawyer” feature that simulates legal engagement during ransom negotiations, maximizing the psychological impact on victims while streamlining the extortion process. Despite CVE-2024-21762 being patched in February 2025, tens of thousands of systems remain exposed, creating an expansive attack surface that Qilin has systematically exploited through partially automated deployment mechanisms. The exploitation process involves sending specially crafted requests to the vulnerable Fortinet devices, enabling remote code execution that establishes a foothold within the target network. These vulnerabilities enable authentication bypass and remote code execution capabilities, providing threat actors with direct pathways into enterprise networks. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. This Ransomware-as-a-Service operation, which has accumulated over 310 victims since its emergence, has distinguished itself through sophisticated attack methodologies and strategic exploitation of critical infrastructure vulnerabilities. The attack chain initiates when threat actors conduct reconnaissance to identify unpatched FortiGate and FortiProxy devices exposed to the internet. The group’s rapid ascension reflects the evolving nature of ransomware threats, where technical innovation and opportunistic targeting converge to create unprecedented cybersecurity challenges. Once inside, Qilin’s payload, written in Rust and C programming languages, employs advanced persistence mechanisms including Safe Mode execution and network propagation capabilities. Qilin’s infection mechanism represents a sophisticated multi-stage process that begins with the systematic identification and exploitation of vulnerable Fortinet appliances. Cyfirma analysts identified that the campaign, observed intensively between May and June 2025, initially focused on Spanish-speaking regions but has since evolved into opportunistic targeting that transcends geographical and sectoral boundaries. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news. This strategic pivot demonstrates the group’s technical maturity and ability to adapt quickly to emerging vulnerabilities in enterprise environments. This multi-faceted approach positions Qilin to fill the operational vacuum left by defunct groups like LockBit and BlackCat, attracting affiliates and expanding their reach across global markets. Upon discovering vulnerable systems, the group leverages CVE-2024-21762’s authentication bypass capability to gain initial access without requiring valid credentials. Tushar is a Cyber security content editor with a passion for creating captivating and informative content.

This Cyber News was published on cybersecuritynews.com. Publication date: Sat, 12 Jul 2025 07:15:14 +0000


Cyber News related to Qilin Emerged as The Most Active Group, Exploiting Unpatched Fortinet Vulnerabilities - Cyber Security News

Qilin Emerged as The Most Active Group, Exploiting Unpatched Fortinet Vulnerabilities - Cyber Security News - The group’s recent campaign has primarily leveraged critical vulnerabilities in Fortinet’s enterprise security appliances, specifically targeting CVE-2024-21762 and CVE-2024-55591 in unpatched FortiGate and FortiProxy devices. The ...
3 days ago Cybersecuritynews.com CVE-2024-21762 LockBit Qilin
25 Best Managed Security Service Providers (MSSP) - 2025 - Pros & Cons: ProsConsStrong threat intelligence & expert SOCs.High pricing for SMBs.24/7 monitoring & rapid incident response.Complex UI and steep learning curve.Flexible, scalable, hybrid deployments.Limited visibility into endpoint ...
2 weeks ago Cybersecuritynews.com
Avoid high cyber insurance costs by improving Active Directory security - Insurance broker and risk advisor Marsh revealed that US cyber insurance premiums rose by an average of 11% in the first quarter of 2023, and Delinea reported that 67% of survey respondents said their cyber insurance costs increased between 50% and ...
1 year ago Bleepingcomputer.com
Ransomware Operations Surge Following Qilin's New Pattern of Attacks - The cybersecurity landscape witnessed a dramatic shift in June 2025 as the Qilin ransomware group emerged as the dominant threat actor, orchestrating an unprecedented surge in high-value targeted attacks across multiple sectors and geographical ...
4 days ago Cybersecuritynews.com Qilin Ransomhub
The Rise of Cyber Insurance - What CISOs Need to Consider - Cyber insurance offers not just financial protection against potentially devastating cyber incidents but also provides frameworks for improving security posture, access to specialized resources, and support during crisis scenarios. Beyond financial ...
3 months ago Cybersecuritynews.com
Arkana Ransomware Claimed to Have Stolen 2.2 Million Customer Records - What sets Arkana apart from traditional ransomware groups is their initial focus on psychological warfare and data exfiltration rather than immediate system encryption, utilizing their “Wall of Shame” tactics to publicly expose sensitive ...
3 days ago Cybersecuritynews.com Qilin
A look at Fortinet's week to forget The Register - Security researchers have urged users to patch vulnerable VPNs as soon as possible since the vulnerability is understood to be easily exploitable. The only workaround recommended by Fortinet is to disable the SSL VPN. Disabling webmode won't mitigate ...
1 year ago Go.theregister.com CVE-2024-23113 CVE-2024-23108 CVE-2024-23109 CVE-2023-34992
Latest Information Security and Hacking Incidents - The ransomware strain Qilin has surfaced as a new danger to computers using VMware ESXi, which is a recent development in the cryptocurrency space. Concerned observers have expressed concern over the fact that this Qilin Linux version exhibits a ...
1 year ago Cysecurity.news Qilin
Hackers Actively Exploits Patched Fortinet FortiGate Devices to Gain Root Access - To bolster defenses, Fortinet has introduced enhanced security features in recent updates, including compile-time hardening, virtual patching, firmware integrity validation, and automated upgrade tools like Uninterrupted Cluster Upgrade and Automatic ...
3 months ago Cybersecuritynews.com
Top 10 Best Active Directory Management Tools in 2025 - SolarWinds Access Rights Manager (ARM) is a robust Active Directory management tool designed to enhance security and simplify user permissions management. Dameware Remote Everywhere (DRE) is a powerful Active Directory management tool that provides ...
3 months ago Cybersecuritynews.com
Qilin Has Emerged as The Top Ransomware Group in April with 74 Cyber Attacks - In a significant shift within the cybercriminal ecosystem, Qilin ransomware group has surged to prominence in April 2025, orchestrating 74 cyber attacks globally according to the latest threat intelligence report. This dramatic rise follows the ...
2 months ago Cybersecuritynews.com Ransomhub Qilin
CISA warns Fortinet zero-day vulnerability under attack - CISA urged users to address two critical Fortinet vulnerabilities in products that are commonly targeted by the Chinese nation-state threat group Volt Typhoon, and one flaw is already being exploited in the wild. Fortinet published two separate ...
1 year ago Techtarget.com CVE-2024-21762 CVE-2024-22024 CVE-2023-27997 CVE-2024-23113 Volt Typhoon
Leaked KeyPlug Malware Infrastructure Contains Exploit Scripts to Hack Fortinet Firewall and VPN - Security experts recommend immediate patching of all Fortinet devices, monitoring for WebSocket handshake requests to suspicious endpoints, and reviewing historical logs for signs of exploitation attempts using these now-exposed techniques. The ...
2 months ago Cybersecuritynews.com CVE-2024-23108 APT41
Uncertainty Is the Biggest Challenge to Australia's Cyber Security Strategy - Political shifts could lead to changes in Australia's cyber security strategy. Early in 2023, as the Australian government started to craft its cyber security vision, it met with opposition at both ends of the political spectrum. On the right wing, ...
1 year ago Techrepublic.com
Three Key Threats Fueling the Future of Cyber Attacks - Improvements in cyber security and business continuity are helping to combat encryption-based ransomware attacks, yet the cyber threat landscape is continually evolving. Protecting an organization against intrusion remains a cat and mouse game, in ...
1 year ago Cyberdefensemagazine.com
IT Professionals in ASEAN Confronting Rising Cyber Security Risks - The ASEAN region is seeing more cyber attacks as digitisation advances. In July 2023, the Association of Southeast Asian Nations officially opened a joint cyber security information sharing and research centre, or Cybersecurity and Information Centre ...
1 year ago Techrepublic.com
Fortinet Warns of Yet Another Critical RCE Flaw - Fortinet has patched a critical remote code execution vulnerability in its FortiClient Enterprise Management Server for managing endpoint devices. The flaw, identified as CVE-2024-48788, stems from an SQL injection error in a direct-attached storage ...
1 year ago Darkreading.com CVE-2024-48788 CVE-2023-27997 CVE-2022-40684 CVE-2023-34993 CVE-2023-34991 CVE-2023-48782 CVE-2023-42783 Volt Typhoon
Cyber Insurance: A Smart Investment to Protect Your Business from Cyber Threats in 2023 - Don't wait until it's too late - get cyber insurance today and secure your business for tomorrow. According to the U.S. Federal Trade Commission, cyber insurance is a particular type of insurance that helps businesses mitigate financial losses ...
1 year ago Cyberdefensemagazine.com
Fighting ransomware: A guide to getting the right cybersecurity insurance - While the cybersecurity risk insurance market has been around for more than 20 years, the rapidly changing nature of attacks and the rise in the ransomware epidemic has markedly changed the nature of cyber insurance in recent years. It's more ...
1 year ago Scmagazine.com
Cyber Insurance for Businesses: Navigating Coverage - To mitigate these risks, many businesses opt for cyber insurance. With the wide range of policies available, navigating the world of cyber insurance can be overwhelming. In this article, we will delve into the complexities of cyber insurance and ...
1 year ago Securityzap.com
Top 30 Best Penetration Testing Tools - 2025 - The tool supports various protocols and offers advanced filtering and analysis capabilities, making it ideal for diagnosing network issues, investigating security incidents, and understanding complex network interactions during penetration testing. ...
3 months ago Cybersecuritynews.com
What CIRCIA Means for Critical Infrastructure Providers and How Breach and Attack Simulation Can Help - Cyber Defense Magazine - To prepare themselves for future attacks, organizations can utilize BAS to simulate real-world attacks against their security ecosystem, recreating attack scenarios specific to their critical infrastructure sector and function within that sector, ...
9 months ago Cyberdefensemagazine.com Akira
Blind Eagle Hackers Leveraging Google Drive, Dropbox & GitHub To Bypass Security Defenses - After infection, Remcos can capture user credentials by logging keystrokes and stealing stored passwords, modify and delete files to sabotage systems or encrypt data for ransom, establish persistence through scheduled tasks and registry modifications ...
4 months ago Cybersecuritynews.com CVE-2024-43451 APT-C-36
Surge in Cloud Threats Spikes Rapid Adoption of CNAPPs for Cloud-Native Security - CNAPPs integrate multiple previously separate technologies—including Cloud Security Posture Management (CSPM), Cloud Workload Protection Platforms (CWPP), Cloud Infrastructure Entitlement Management (CIEM), Kubernetes Security Posture Management ...
3 months ago Cybersecuritynews.com
Key Breakthroughs from RSA Conference 2025 - Day 1 - Sumo Logic unveiled intelligent security operations with capabilities like detection-as-code (bringing DevSecOps to threat detection), UEBA historical baselining (improving accuracy by learning behavior over time), multiple threat intelligence feeds, ...
2 months ago Cybersecuritynews.com Inception

Latest Cyber News


Cyber Trends (last 7 days)