SOCRadar confirmed that stolen Fortinet login credentials, the FortiBleed haul, led to 12 ransomware deployments and 409 administrator account compromises. One operator worked negotiation panels for two rival ransomware crews at once.
The overlap shows ransomware crews increasingly share one stolen-credential supply chain. That makes tracking gangs by name less useful than tracking the broker who sold the access.
