Operation Storming Tide: A massive multi-stage intrusion campaign

fortgale.com

Operation Storming Tide: A massive multi-stage intrusion campaign

fortgale.com

digicatM to

blueteamsecEnglish · 5 hours ago

In February 2026, the Fortgale Incident Response team investigated a multi-stage intrusion attributed to Mora_001, a Russian-origin threat actor exploiting Fortinet vulnerabilities. The campaign, internally dubbed "FortiSync Quasar," revealed an evolution from ransomware operations to strategic espionage, deploying Matanbuchus 3.0, Astarion RAT, and SystemBC. Rapid containment prevented any data exfiltration.

You must log in or # to comment.

Chat

blueteamsec

Create a post

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !blueteamsec@infosec.pub

For [Blue|Purple] Teams in Cyber Defence - covering discovery, detection, response, threat intelligence, malware, offensive tradecraft and tooling, deception, reverse engineering etc.

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

21 users / day
84 users / week
236 users / month
968 users / 6 months
228 local subscribers
665 subscribers
2.83K Posts
216 Comments
Modlog

mods:
digicat