A new wave of ransomware attacks may be exploiting an unknown zero-day vulnerability in SonicWall firewall devices, researchers warn. Arctic Wolf detected suspicious activity starting July 15, when hackers used VPN access through SonicWall SSL VPNs to launch intrusions the following week. The attackers deployed Akira ransomware in hands-on attacks after compromising the devices.
What's particularly concerning: hackers breached fully patched SonicWall systems with rotated credentials and even bypassed multi-factor authentication. This echoes similar attacks from 2024 targeting CVE-2024-40766. Arctic Wolf's investigation remains preliminary, but the pattern suggests a serious new threat to SonicWall users.
Source: Cybersecurity Dive