Ethical Hacking News
The Akira ransomware group has been exploiting a year-old SonicWall firewall flaw to gain a foothold for ransomware operations, and organizations running affected devices should act now. Understanding how the attackers get in is the first step to closing those paths.
The Akira ransomware group has been exploiting CVE-2024-40766, a SonicWall firewall flaw disclosed in August 2024, to gain unauthorized access and conduct ransomware operations. Rapid7 reports three access paths in use: the CVE-2024-40766 improper access control flaw in SonicWall's management access, the SSLVPN Default Users Group misconfiguration, and abuse of the Virtual Office Portal. SonicWall patched the flaw in August 2024, yet the Akira group has continued to gain access even where the patch had been applied, so patching alone has not been enough. The US Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability to its Known Exploited Vulnerabilities catalog in September 2024. Researchers urge SonicWall users to enforce multi-factor authentication, correct the SSLVPN Default Users Group setting, restrict and monitor the Virtual Office Portal, and apply the security patches. Akira has been active since March 2023 and has targeted organizations in education, finance, and real estate, among other sectors.
The Akira ransomware group has been exploiting a year-old SonicWall firewall flaw, CVE-2024-40766, together with two related weaknesses, to gain unauthorized access and conduct ransomware operations. The vulnerability was disclosed and patched in August 2024, but the threat actors behind Akira have continued to exploit it.
According to a report published by security firm Rapid7, the Akira group is likely using a combination of all three access paths (the CVE-2024-40766 improper access control flaw in SonicWall's management access, the SSLVPN Default Users Group misconfiguration, and abuse of the Virtual Office Portal) to achieve its objectives. Together these give the attackers considerable flexibility to compromise SonicWall firewalls and establish backdoors for follow-on activity.
CVE-2024-40766 is an improper access control issue in SonicWall's management access. Exploiting it gives an attacker unauthorized access to the device, from which ransomware operations can be staged. The vulnerability carries a CVSS score of 9.3, reflecting both its high impact and its ease of exploitation.
SonicWall fixed the flaw in its firewalls in August 2024. Even so, attackers have continued to exploit it, and the Akira group appears to have found ways into environments where the patch had been applied, which means the patch on its own has not closed the risk; the surrounding configuration weaknesses have to be addressed as well.
The US Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability to its Known Exploited Vulnerabilities catalog in September 2024, as part of its broader effort to flag vulnerabilities that organizations should prioritize.
Akira has been active since March 2023; its operators claim to have compromised multiple organizations across industries including education, finance, and real estate. The group also maintains a Linux encryptor built specifically to target VMware ESXi servers.
Researchers urge SonicWall users to enable multi-factor authentication (MFA) on all accounts, correct the SSLVPN Default Users Group setting so that accounts nobody explicitly provisioned do not inherit VPN access, restrict and monitor access to the Virtual Office Portal, and apply the security patches. The Rapid7 report stresses that these steps together, not the patch alone, are what prevent successful exploitation.
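As an added illustration (example code written for this page, not Rapid7's or SonicWall's tooling), the following Python script audits SSL VPN login and portal events for the conditions the hardening advice above targets: logins completed without MFA, logins whose effective group is the SSL VPN default group (an account that was never explicitly granted VPN access), Virtual Office Portal requests from outside approved networks, and one source address authenticating as several accounts. The log lines, the field names (event, usr, src, group, mfa, path) and the default group name "SSLVPN Services" are constructed assumptions in a generic key=value style, not verbatim SonicWall log output; the parser would need adapting to a real export.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample events in a generic key=value syslog style. These are
# illustrative, not verbatim SonicWall output, and every field name used here
# (event, usr, src, group, mfa, path) is an assumption for this example.
SAMPLE_LOGS = """\
time="2025-09-10 02:11:04" event=sslvpn_login usr="jdoe" src=203.0.113.45 group="Sales" mfa=yes
time="2025-09-10 02:13:19" event=sslvpn_login usr="svc-backup" src=198.51.100.7 group="SSLVPN Services" mfa=no
time="2025-09-10 02:20:55" event=portal_access path="/cgi-bin/welcome" src=192.0.2.10
time="2025-09-10 02:21:40" event=sslvpn_login usr="mgreen" src=10.20.0.14 group="Engineering" mfa=yes
time="2025-09-10 02:23:07" event=portal_access path="/cgi-bin/welcome" src=10.20.0.14
time="2025-09-10 03:00:00" event=sslvpn_login usr="temp1" src=198.51.100.7 group="SSLVPN Services" mfa=no
"""

# Assumed name of the SSL VPN default user group; on a real device use the
# value configured in the SSL VPN server settings.
DEFAULT_USER_GROUP = "SSLVPN Services"

# key=value pairs, with values either double-quoted or bare.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_line(line):
    """Parse one key=value log line into a dict (quoted or bare values)."""
    return {key: quoted or bare for key, quoted, bare in KV_RE.findall(line)}


def audit(log_text, default_group=DEFAULT_USER_GROUP,
          allowed_portal_nets=("10.0.0.0/8",)):
    """Return (reason, user, src) findings for the three exposure paths.

    login_without_mfa:        a VPN login that completed without a second factor.
    default_group_fallback:   the user's effective group is the default group,
                              i.e. nobody explicitly granted this account VPN access.
    portal_from_untrusted_net: a Virtual Office portal request from outside the
                              networks the portal should be reachable from.
    """
    nets = [ipaddress.ip_network(n) for n in allowed_portal_nets]
    findings = []
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        src = ev.get("src", "")
        if ev.get("event") == "sslvpn_login":
            user = ev.get("usr", "?")
            if ev.get("mfa") != "yes":
                findings.append(("login_without_mfa", user, src))
            if ev.get("group") == default_group:
                findings.append(("default_group_fallback", user, src))
        elif ev.get("event") == "portal_access" and src:
            if not any(ipaddress.ip_address(src) in net for net in nets):
                findings.append(("portal_from_untrusted_net", "-", src))
    return findings


def shared_sources(log_text):
    """Map each source IP that logged in as more than one user to those users;
    several accounts from one address is a common sign of credential reuse."""
    users_by_src = defaultdict(set)
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev.get("event") == "sslvpn_login":
            users_by_src[ev["src"]].add(ev["usr"])
    return {src: users for src, users in users_by_src.items() if len(users) > 1}


if __name__ == "__main__":
    for reason, user, src in audit(SAMPLE_LOGS):
        print(f"{reason:26} user={user:<12} src={src}")
    for src, users in shared_sources(SAMPLE_LOGS).items():
        print(f"{src} used by {len(users)} accounts: {sorted(users)}")
```

On the constructed sample the script flags the two service-style accounts that landed in the default group without MFA, the portal hit from 192.0.2.10, and the fact that 198.51.100.7 authenticated as two different users. The same checks run unchanged against a larger export once the parser matches the device's actual field names.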
Rapid7 also advises organizations to track the Akira group's tactics and adjust their defenses accordingly: knowing how these attackers get in makes it possible to close the same paths before they are used again.
The campaign is a reminder that a patch is not a complete fix while neighbouring misconfigurations remain in place, and that monitoring and configuration review have to continue after the update is applied.
Related Information:
https://www.ethicalhackingnews.com/articles/Akira-Ransomware-Exploits-Decade-Old-SonicWall-Vulnerability-with-Sophisticated-Multiple-Vector-Attack-Campaign-ehn.shtml
Published: Thu Sep 11 16:03:19 2025 by llama3.2 3B Q4_K_M