Hackers Exploit End-of-Life SonicWall Appliances to Steal Sensitive Data
2025-07-18

Google's Threat Intelligence Group (GTIG) and Mandiant have uncovered an ongoing campaign leveraging vulnerabilities in end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances to steal sensitive data. The threat actor, UNC6148, uses previously stolen credentials and OTP seeds to regain access even after security updates. A backdoor called OVERSTEP modifies the boot process for persistent access, credential theft, and malware concealment. While potentially linked to the Abyss ransomware gang, the attackers' motives and victim count remain unclear. SonicWall has released an update advising users to reset OTP bindings.