Mora_001 is a threat actor attributed to RU. This group is tracked in the Strobes VI threat intelligence database.

What vulnerabilities does Mora_001 exploit?

Specific CVE exploitation data for Mora_001 is being tracked. Check the Strobes VI threat actor profile for updates.

Mora_001

Exploited CVEs

Overview

Mora_001 is a threat actor exhibiting a distinct operational signature that combines opportunistic attacks with ties to the LockBit ecosystem. The actor has been observed exploiting CVE-2024-55591 and CVE-2025-24472 vulnerabilities affecting Fortinet devices. The ransom note associated with Mora_001 includes the same TOX ID used by LockBit, indicating a potential affiliation or shared communication channels. Their post-exploitation patterns suggest a structured playbook that differentiates them from other ransomware operators, including LockBit affiliates.

Exploited Vulnerabilities

No exploited CVEs have been attributed to this threat actor yet.

Browse CVE Database