Daily Briefing for 03.14.25

At a glance.

• US senators request transparency surrounding the UK's demands for encryption backdoors.
• New ransomware operator targets Fortinet vulnerabilities.
• Alleged LockBit developer extradited to the US.

US senators request transparency surrounding the UK's demands for encryption backdoors.

A bipartisan group of US Senators yesterday published a letter urging the UK's Investigatory Powers Tribunal to "remove the cloak of secrecy" around reported requests to US companies for encryption backdoors. Apple reportedly received Technical Capability Notice (TCN) under the UK's Investigatory Powers Act, requiring the company to provide the UK's security services with a way to access encrypted messages. Apple is barred by UK law from confirming whether it received such a notice, but ComputerWeekly reports that the company is contesting the order in a closed court today.

The Record notes that Google refused to deny whether it received a similar notice. The company told Senator Ron Wyden (Democrat of Oregon) that if it had received such a request, "it would be prohibited from disclosing that fact." The senators said in their letter, "The UK’s attempted gag has already restricted U.S. companies from engaging in speech that is constitutionally protected under U.S. law and necessary for ongoing Congressional oversight."

US Director of National Intelligence Tulsi Gabbard has ordered a legal review of the UK government's demand, calling it "a clear and egregious violation of Americans’ privacy and civil liberties." President Trump said he raised the issue in a meeting with Prime Minister Keir Starmer, comparing the request to "something you hear about with China."

New ransomware operator targets Fortinet vulnerabilities.

Forescout warns that a new ransomware operator is exploiting two recently patched Fortinet firewall vulnerabilities to deploy a custom strain of ransomware dubbed "SuperBlack." SuperBlack was crafted with the builder for LockBit 3.0, which leaked online in 2022.

The attacker is targeting CVE-2024-55591 and CVE-2025-24472, which can be used to gain administrator privileges on vulnerable FortiOS devices. A proof-of-concept exploit has been available since late January, and Forescout recommends that organizations patch these flaws as soon as possible. The researchers note that there are at least 7,677 exposed FortiGate firewalls in the United States alone.

Alleged LockBit developer extradited to the US.

A dual Russian and Israeli national has been extradited from Israel to the United States for his alleged role in the LockBit ransomware gang. The US Justice Department said 51-year-old Rostislav Panev "acted as a developer of the LockBit ransomware group from its inception in or around 2019 through at least February 2024."

Justice added, "[A]t the time of Panev’s arrest in Israel in August, law enforcement discovered on Panev’s computer administrator credentials for an online repository that was hosted on the dark web and stored source code for multiple versions of the LockBit builder, which allowed LockBit’s affiliates to generate custom builds of the LockBit ransomware malware for particular victims. On that repository, law enforcement also discovered source code for LockBit’s StealBit tool, which helped LockBit affiliates exfiltrate data stolen through LockBit attacks. Law enforcement also discovered access credentials for the LockBit control panel, an online dashboard maintained by LockBit developers for LockBit’s affiliates and hosted by those developers on the dark web."