Particle.news

SonicWall Investigates Potential Zero-Day in Gen 7 SSL VPNs as Akira Ransomware Escalates

SonicWall launched its review in response to coordinated alerts from Arctic Wolf, Huntress and Google GTIG, which reported a mid-July surge of intrusions that bypass multifactor authentication, deploy stealthy backdoors and encrypt critical systems.

Overview

  • SonicWall has confirmed increased cyber incidents on Gen 7 firewalls with SSL VPN enabled and is collaborating with Arctic Wolf, Huntress and Google GTIG to determine if these breaches exploit a new zero-day vulnerability.
  • Researchers report that fully patched devices with multifactor authentication enforced and credentials rotated were still compromised, which they say points to an unknown flaw being used for initial access rather than to reuse of stolen passwords.
  • Huntress has documented more than 20 distinct attacks since July 25, observing rapid lateral movement to domain controllers, credential theft and disabling of security tools before ransomware execution.
  • Google Threat Intelligence Group assesses with moderate confidence that UNC6148 used an unknown zero-day to deploy the OVERSTEP rootkit on targeted SonicWall SMA appliances (a separate product line from the Gen 7 firewalls), enabling persistent backdoor access.
  • SonicWall recommends disabling SSL VPN where practical, limiting connections to trusted IP addresses, enforcing multifactor authentication, enabling security services and removing unused accounts to curb further exploitation.
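Because the reported intrusions succeed against accounts that already have multifactor authentication, a successful MFA login is not by itself a useful signal. What the guidance above does give a defender is two things to hunt for: SSL VPN logins from source addresses outside the trusted-IP allowlist, and a VPN session that reaches a domain controller within minutes of authenticating. The script below correlates both over a constructed event stream. It is an added example written for this page, not SonicWall's, Huntress's or Arctic Wolf's code; the log tuple layout, the allowlist networks, the domain controller names and the ten-minute window are all assumptions, and a real deployment would replace the inline events with a parser for the firewall's own syslog and the Windows security log.

```python
"""Hunt for SSL VPN sessions outside a trusted-IP allowlist and for sessions
followed quickly by access to a domain controller.

Added example for this page, not vendor code. The event records, the
allowlist and the domain controller names are constructed for illustration.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed allowlist: source networks permitted to reach the SSL VPN.
TRUSTED_SOURCES = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("198.51.100.0/25"),
]

# Constructed set of domain controller hostnames.
DOMAIN_CONTROLLERS = {"dc01", "dc02"}

# Constructed event stream: (timestamp, kind, user, src_ip, target).
# kind is "vpn_login" for an SSL VPN authentication, or "smb" / "ldap" /
# "rdp" for an internal connection attributed to that user's VPN session.
EVENTS = [
    ("2025-07-28T02:14:05", "vpn_login", "jsmith", "203.0.113.40", ""),
    ("2025-07-28T02:40:12", "smb", "jsmith", "203.0.113.40", "fileserver1"),
    ("2025-07-28T03:01:44", "vpn_login", "mlee", "192.0.2.77", ""),
    ("2025-07-28T03:03:10", "ldap", "mlee", "192.0.2.77", "dc01"),
    ("2025-07-28T03:05:31", "rdp", "mlee", "192.0.2.77", "dc02"),
    ("2025-07-28T09:20:00", "vpn_login", "rkhan", "198.51.100.12", ""),
]


@dataclass
class Finding:
    user: str
    src_ip: str
    reason: str


def is_trusted(ip: str) -> bool:
    """True if ip falls inside any allowlisted source network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_SOURCES)


def hunt(events, window: timedelta = timedelta(minutes=10)) -> list[Finding]:
    """Return findings for untrusted VPN logins and for domain controller
    access occurring within `window` of the same user's most recent login."""
    findings: list[Finding] = []
    logins: list[tuple[datetime, str, str]] = []  # (ts, user, src_ip)

    # Sorting on the ISO timestamp keeps the stream in time order.
    for ts_s, kind, user, ip, target in sorted(events):
        ts = datetime.fromisoformat(ts_s)
        if kind == "vpn_login":
            logins.append((ts, user, ip))
            if not is_trusted(ip):
                findings.append(Finding(user, ip,
                                f"SSL VPN login from untrusted source {ip}"))
        elif target in DOMAIN_CONTROLLERS:
            # Walk back to this user's latest VPN login and measure the gap.
            for login_ts, login_user, login_ip in reversed(logins):
                if login_user == user:
                    gap = ts - login_ts
                    if gap <= window:
                        secs = int(gap.total_seconds())
                        findings.append(Finding(user, login_ip,
                                        f"{kind} to {target} {secs}s after VPN login"))
                    break
    return findings


if __name__ == "__main__":
    for f in hunt(EVENTS):
        print(f"{f.user:8} {f.src_ip:16} {f.reason}")
```

Run as written, the only user flagged is `mlee`: one finding for the login from 192.0.2.77, which is outside both trusted networks, and two more for LDAP and RDP connections to domain controllers 86 and 227 seconds after that login. The `jsmith` session touches only a file server and the `rkhan` login comes from an allowlisted range, so neither produces a finding. Tightening the allowlist to exactly the ranges the business needs is what turns the first check from a hunting query into a preventive control on the firewall itself.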