Particle.news

Akira Ransomware Renews Attacks Through Year-Old SonicWall Flaw and SSLVPN Gaps

Researchers tie the latest breaches to incomplete remediation alongside misconfigured SSLVPN features that expand access paths.

Overview

  • Rapid7 reports a steady rise in cases since July and says it has handled a double-digit number of customer incidents tied to these SonicWall-related threats.
  • The Australian Cyber Security Centre warns of increased exploitation in Australia and confirms Akira is targeting vulnerable organizations through SonicWall SSL VPNs.
  • Investigators say affiliates often combine CVE-2024-40766 with overprovisioned Default Users Group settings and public Virtual Office portals that can be abused to configure MFA/TOTP using known credentials.
  • SonicWall previously counted fewer than 40 confirmed cases in early August, frequently linked to migrated devices where local passwords were not reset, while researchers note hundreds of thousands of devices remain publicly accessible.
  • Defenders are urged to rotate and remove local accounts, enforce MFA/TOTP, set the Default LDAP User Group to None, restrict the Virtual Office portal to internal networks, monitor access, and upgrade to SonicOS 7.3 or later.
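The defender checklist in the last bullet can be turned into a repeatable audit. The following Python is an added example, not code from SonicWall or from the researchers cited above: it walks a configuration export that has already been parsed into a dictionary, and flags every deviation from the guidance (firmware below SonicOS 7.3, a Default LDAP User Group other than None, lingering local accounts with SSL VPN access, the Virtual Office portal reachable from the WAN zone, MFA/TOTP not required). The key names (`sonicos_version`, `default_ldap_user_group`, `local_users`, `virtual_office_portal_zones`, `sslvpn_mfa_required`) and both sample configurations are constructed assumptions; map them onto whatever your own export tooling produces.

```python
"""Audit a SonicWall SSL VPN configuration against the hardening guidance
in the overview above.  Added example; the export format, key names and
sample configurations below are assumptions, not a real SonicOS schema."""
import re
from typing import Dict, List

# Guidance: upgrade to SonicOS 7.3 or later.
MIN_SONICOS = (7, 3, 0)


def parse_version(text: str) -> tuple:
    """Turn a firmware string such as '7.0.1-5050' or '7.3' into a
    comparable tuple of ints; a build suffix after '-' is ignored."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unparseable SonicOS version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())


def audit_sslvpn(cfg: Dict) -> List[str]:
    """Return one finding per deviation; an empty list means the
    configuration matches every item of the guidance."""
    findings: List[str] = []

    # 1. Firmware level.
    if parse_version(cfg["sonicos_version"]) < MIN_SONICOS:
        findings.append(
            f"firmware {cfg['sonicos_version']} is below SonicOS 7.3; upgrade")

    # 2. Default LDAP User Group must be None, otherwise every LDAP user
    #    inherits the group's access (the overprovisioning described above).
    if cfg.get("default_ldap_user_group", "None") != "None":
        findings.append(
            f"Default LDAP User Group is {cfg['default_ldap_user_group']!r}; set to None")

    # 3. Local accounts with SSL VPN access should be removed, or at least
    #    have their passwords rotated (migrated devices kept old passwords).
    for user in cfg.get("local_users", []):
        if user.get("sslvpn_access"):
            findings.append(
                f"local account {user['name']!r} has SSL VPN access; remove it or rotate its password")

    # 4. Virtual Office portal should not be exposed to the WAN zone.
    if "WAN" in cfg.get("virtual_office_portal_zones", []):
        findings.append(
            "Virtual Office portal is reachable from WAN; restrict it to internal zones")

    # 5. MFA/TOTP must be enforced for SSL VPN logins.
    if not cfg.get("sslvpn_mfa_required", False):
        findings.append("MFA/TOTP is not required for SSL VPN; enforce it")

    return findings


# Constructed sample: a migrated appliance that was never re-hardened.
WEAK_CONFIG = {
    "sonicos_version": "7.0.1-5050",
    "default_ldap_user_group": "SSLVPN Services",
    "local_users": [{"name": "vpnadmin", "sslvpn_access": True}],
    "virtual_office_portal_zones": ["WAN", "LAN"],
    "sslvpn_mfa_required": False,
}

# Constructed sample: the same appliance after applying the guidance.
HARDENED_CONFIG = {
    "sonicos_version": "7.3.0-7012",
    "default_ldap_user_group": "None",
    "local_users": [],
    "virtual_office_portal_zones": ["LAN"],
    "sslvpn_mfa_required": True,
}

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"[{label}]")
        for line in audit_sslvpn(cfg) or ["no findings"]:
            print("  -", line)
```

Run against the two constructed configurations, the weak one yields five findings (one per checklist item) and the hardened one none; in practice you would feed it the parsed output of your own configuration backup and run it on a schedule so that a re-enabled local account or a portal re-exposed to WAN shows up before an affiliate finds it.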