

Ethical Hacking News

SonicWall Rootkit-Busting Firmware Update: A Response to the Ongoing Wave of SonicWall Security Threats


SonicWall has released a firmware update aimed at removing rootkit malware that was deployed in recent attacks targeting its Secure Mobile Access (SMA) 100 appliances. The update follows a series of other security threats and vulnerabilities discovered in SonicWall's products, which have been exploited by attackers for ransomware infections, credential- and data-stealing campaigns.

  • SonicWall has released a firmware update (version 10.2.2.2-92sv) aimed at removing rootkit malware dubbed OVERSTEP from its Secure Mobile Access (SMA) 100 appliances.
  • The update follows a series of security threats and vulnerabilities discovered in SonicWall's products, including brute-force attacks targeting its cloud backup service and ransomware infections.
  • The firmware update addresses a previously unknown backdoor and rootkit that modified the appliance's boot process to maintain persistent access and steal sensitive credentials.
  • SonicWall has strongly recommended users upgrade to the latest firmware version as soon as possible due to the risk of ongoing attacks by Akira ransomware affiliates.
  • The company is taking proactive steps to address emerging security threats and vulnerabilities in its products, demonstrating its commitment to providing robust cybersecurity solutions.



    SonicWall, a leading cybersecurity vendor, has recently released a firmware update aimed at removing rootkit malware that has been deployed in recent attacks targeting its Secure Mobile Access (SMA) 100 appliances. This update follows a series of other security threats and vulnerabilities discovered in SonicWall's products, which have been exploited by attackers for ransomware infections, credential- and data-stealing campaigns.

    The firmware update, version 10.2.2.2-92sv, is specifically designed to address the rootkit malware dubbed OVERSTEP, which was first reported by Google's threat group analysts in July. The researchers had identified a previously unknown backdoor and rootkit that modified the appliance's boot process to maintain persistent access, enabling attackers to steal sensitive credentials and conceal their own components.

    SonicWall has strongly recommended that users of SMA 100 series products upgrade to the latest firmware version as soon as possible. This recommendation comes on the heels of a warning issued by the US Cybersecurity and Infrastructure Security Agency (CISA) about brute-force attacks targeting SonicWall's cloud backup service for firewalls, following The Register's report last week about the intrusions.

    In August, SonicWall confirmed that it was investigating a wave of ransomware activity targeting its firewall devices. It turned out that Akira ransomware affiliates were behind these attacks, tied to CVE-2024-40766 - a 9.8 CVSS-rated improper access control flaw originally disclosed in August 2024 - that Akira also abused last year to gain initial access to victim organizations before deploying ransomware and extorting the infected firms for ransom payments.

    Earlier this month, Rapid7 security analysts warned that Akira was also exploiting SonicWall SSLVPN misconfigurations, in addition to the year-old CVE, to conduct its ransomware attacks. This latest update is part of SonicWall's ongoing efforts to address emerging security threats and vulnerabilities in its products.

    The rootkit-busting firmware update marks a significant step forward for SonicWall in its quest to protect its customers from increasingly sophisticated cyber threats. The company's proactive approach to addressing emerging vulnerabilities demonstrates its commitment to providing robust cybersecurity solutions that meet the evolving needs of its users.

    As cybersecurity experts continue to monitor the situation and analyze the impact of these attacks, it is clear that SonicWall's firmware update will play a crucial role in mitigating the risks associated with the OVERSTEP rootkit. By taking proactive steps to address this threat, SonicWall is sending a strong message about its dedication to protecting its customers from the ever-evolving landscape of cyber threats.

    The release of this firmware update serves as a reminder of the importance of staying vigilant and up-to-date with the latest cybersecurity best practices. As security vendors continue to work tirelessly to develop solutions that address emerging vulnerabilities, it is essential for users to take an active role in protecting themselves against these threats.

    In conclusion, SonicWall's rootkit-busting firmware update represents a significant step forward in the company's efforts to protect its customers from the latest wave of cyber threats. By taking proactive steps to address emerging vulnerabilities and providing robust cybersecurity solutions, SonicWall is demonstrating its commitment to staying ahead of the evolving threat landscape.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/SonicWall-Rootkit-Busting-Firmware-Update-A-Response-to-the-Ongoing-Wave-of-SonicWall-Security-Threats-ehn.shtml

  • https://go.theregister.com/feed/www.theregister.com/2025/09/23/sonicwall_rootkitbooting_firmware_update/


  • Published: Tue Sep 23 15:26:16 2025 by llama3.2 3B Q4_K_M












