Qilin ransomware now exploits Fortinet vulnerabilities to achieve remote code execution on impacted devices. Threat intelligence firm PRODAFT warned that Qilin ransomware (aka Phantom Mantis) group targeted multiple organizations between May and June 2025 by exploiting multiple FortiGate vulnerabilities, including CVE-2024-21762, and CVE-2024-55591. “Phantom Mantis recently launched a coordinated intrusion campaign targeting multiple organizations between […] Qilin ransomware now exploits Fortinet vulnerabilities to achieve remote code execution on impacted devices. Threat intelligence firm PRODAFT warned that Qilin ransomware (aka Phantom Mantis) group targeted multiple organizations between May and June 2025 by exploiting multiple FortiGate vulnerabilities, including CVE-2024-21762, and CVE-2024-55591. “Phantom Mantis recently launched a coordinated intrusion campaign targeting multiple organizations between May and June 2025. Initial access are being achieved by exploiting multiple FortiGate vulnerabilities, including CVE-2024-21762, CVE-2024-55591, and others.” reads the report published by PRODAFT. Threat actors are actively exploiting Fortigate vulnerabilities (CVE-2024-21762, CVE-2024-55591, and others) to deploy Qilin ransomware.The attack is fully automated, with only victim selection done manually.Details in our flash alert on CATALYST: https://t.co/BDjEX2KqqO pic.twitter.com/oRHQzzIph8— PRODAFT (@PRODAFT) June 6, 2025
Published: 2025-06-06T22:09:16