| SYMBOL | COMMON_NAME | aka. SYNONYMS |
Mora_001 is a threat actor exhibiting a distinct operational signature that combines opportunistic attacks with ties to the LockBit ecosystem. The actor has been observed exploiting CVE-2024-55591 and CVE-2025-24472 vulnerabilities affecting Fortinet devices. The ransom note associated with Mora_001 includes the same TOX ID used by LockBit, indicating a potential affiliation or shared communication channels. Their post-exploitation patterns suggest a structured playbook that differentiates them from other ransomware operators, including LockBit affiliates.
There are currently no families associated with this actor.
| 2025-03-13
⋅
Forescout
⋅
New Ransomware Operator Exploits Fortinet Vulnerability Duo BlackMatter LockBit Mora_001 |