A recent spate of cyberattacks against small to midsize businesses (SMBs) across Northern Europe was initially believed to be the handiwork of LockBit, but following further investigation, it turns out that a copycat group is using leaked LockBit malware for campaigns of its own.

According reports from Belgium’s Computerland publication, the “wannabes,” while not as sophisticated as the LockBit operators themselves, were able to encrypt the files of at least one organization. The LockBit impersonators were able to exploit an unpatched FortiGate firewall, researcher Pierluigi Paganini explained.