SonicWall firewalls under threat from ransomware attacks, potentially exploiting zero-day vulnerabilities.
Attackers wielding the Akira ransomware and potentially exploiting a zero-day vulnerability have been targeting SonicWall firewalls since July 15, 2025. Arctic Wolf researchers have reported multiple pre-ransomware intrusions occurring in quick succession, all involving VPN access through SonicWall SSL VPNs. While initial access through brute force, dictionary attacks, and credential stuffing has not been ruled out, evidence suggests the exploitation of a zero-day vulnerability. In some cases, fully patched SonicWall devices were compromised even after credential rotation, and accounts remained vulnerable despite time-based one-time password (TOTP) multi-factor authentication being in place. The researchers noted a rapid progression from initial SSL VPN account access to ransomware encryption, and they advise organisations to consider disabling the SonicWall SSL VPN service until more is known about the zero-day exploit and a patch is available.
This warning follows SonicWall’s recent advisory urging customers to patch a newly identified vulnerability (CVE-2025-40599) affecting its Secure Mobile Access (SMA) 210, 410, and 500v appliances. Although SonicWall stated there is no evidence that CVE-2025-40599 is currently being exploited, it recommended that organisations check for potential compromises from earlier attack campaigns investigated by Google’s Threat Intelligence Group. This campaign may have begun as early as January 2025, with ongoing investigations into whether attackers leveraged a zero-day vulnerability to deploy the persistent OVERSTEP rootkit/backdoor or ransomware. SonicWall has issued urgent guidance on removing the rootkit, upgrading or rebuilding compromised devices, rotating credentials, and resetting OTP seeds and bindings. Google’s researchers have also updated their report with new network indicators of compromise related to this campaign.