

Ethical Hacking News

Akira Ransomware Surge Sparks SonicWall Investigation: Potential Zero-Day Exploited Through Vulnerable Firewalls


SonicWall has launched an investigation into a surge in Akira ransomware attacks targeting its Gen 7 firewalls with SSLVPN enabled. The company believes that a zero-day vulnerability may be responsible for the increased activity, and is urging users to take immediate action to protect themselves from potential exploitation.

  • SonicWall has launched an investigation into a surge in Akira ransomware attacks targeting its Gen 7 firewalls with SSLVPN enabled.
  • The Akira ransomware group has demonstrated sophisticated approaches to its attacks, using advanced techniques to evade detection and exploit vulnerabilities.
  • A suspected zero-day vulnerability in SonicWall VPNs could allow attackers to gain unauthorized access to systems even with Multi-Factor Authentication (MFA).
  • Users are advised to take immediate action to protect themselves from potential exploitation by disabling SSLVPN, restricting access, and enforcing MFA.



    SonicWall, a leading cybersecurity firm, has launched an investigation into a surge in Akira ransomware attacks targeting its Gen 7 firewalls with SSLVPN enabled. The company's statement reveals that there has been a notable increase in cyber incidents involving these firewalls over the past 72 hours, as reported by both internal and external threat researchers such as Arctic Wolf, Google Mandiant, and Huntress.

    The Akira ransomware group, which has been active since March 2023, has demonstrated a sophisticated approach to its attacks. The malware is capable of targeting VMware ESXi servers, and the group has developed a Linux encryptor to carry out these attacks. This level of sophistication suggests that the group may be using advanced techniques to evade detection and exploit vulnerabilities in its targets.

    The investigation into the SonicWall VPN vulnerability was sparked by reports from Arctic Wolf Labs, which observed multiple intrusions via VPN access in late July 2025. The researchers found evidence suggesting a likely zero-day vulnerability in SonicWall VPNs, as fully patched devices with MFA and rotated credentials were still compromised in some attacks.

    The findings of the investigation have significant implications for organizations that rely on SonicWall firewalls to secure their networks. If the suspected vulnerability exists in firmware versions 7.2.0-7015 and earlier, it could potentially allow attackers to gain unauthorized access to these systems even if they have taken steps to protect themselves with Multi-Factor Authentication (MFA).

    The SonicWall team has recommended several measures for users of Gen 7 firewalls with SSLVPN enabled: disabling the service where possible; restricting access to trusted IPs; enabling security services like Botnet Protection and Geo-IP Filtering; enforcing MFA; removing unused accounts, especially those with SSLVPN access; and maintaining strong password practices. These steps aim to reduce risk while SonicWall continues its investigation into the vulnerability.

    The surge in Akira ransomware attacks has been a concern for organizations across multiple industries, including education, finance, and real estate. The group's use of advanced techniques to carry out these attacks has made it challenging for security teams to detect and respond to the threats in a timely manner.

    In response to this threat, SonicWall urges its users to take immediate action to protect themselves from potential exploitation. By following the recommended measures outlined by the company, organizations can reduce their risk of falling victim to these attacks and minimize the impact of any potential breach.

    The investigation into the suspected SonicWall VPN vulnerability is ongoing, and SonicWall will provide updates as more information becomes available. In the meantime, users are advised to stay vigilant and take all necessary precautions to protect themselves from potential threats.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/Akira-Ransomware-Surge-Sparks-SonicWall-Investigation-Potential-Zero-Day-Exploited-Through-Vulnerable-Firewalls-ehn.shtml

  • https://securityaffairs.com/180803/security/sonicwall-investigates-possible-zero-day-amid-akira-ransomware-surge.html


  • Published: Tue Aug 5 05:52:01 2025 by llama3.2 3B Q4_K_M












