Akira Ransomware Exploits Unpatched SonicWall VPNs

A resurgent Akira ransomware campaign is actively exploiting a year-old vulnerability in unpatched SonicWall SSL VPN appliances to gain initial network access. Attackers move laterally, harvest credentials using advanced techniques like "UnPAC the Hash," and exfiltrate data before deploying the ransomware. The attacks, which often target VMware ESXi environments, have been observed globally across multiple sectors. This activity coincides with a separate security incident where SonicWall firewall configuration backups were exposed, potentially providing threat actors with valid credentials. Security experts urge organizations to immediately patch vulnerable devices, reset all credentials, and enforce multi-factor authentication.

Latest mentioned: 10-13

Earliest mentioned: 10-10

Sources

securityonline.info gbhackers.com thehackernews.com securityaffairs.com

Also Read

Lampion Banking Trojan Evolves with New Social Engineering Tactics

A cybercriminal group has refined its malware campaign by incorporating innovative social engineering techniques and multi-stage infection chains to deliver the Lampion banking trojan. The campaign, active since 2019, targets Portuguese-speaking banks and uses complex infection methods to evade detection. Researchers have documented significant tactical evolution, including the use of ClickFix lures and compromised email accounts. The phishing emails employ convincing banking themes, and the infection chain comprises multiple obfuscated Visual Basic script stages. The Lampion stealer has evolved into a single 700MB DLL file, incorporating encrypted ZIP files to hinder detection.

10-31Read more →