A critical vulnerability in SonicWall VPNs is currently being exploited in zero-day attacks, prompting an urgent advisory from the network security vendor. Attackers are using the flaw to bypass multi-factor authentication and deploy ransomware, such as Akira, shortly after gaining initial access. The exploitation primarily targets SonicWall's seventh-generation firewall appliances running firmware version 7.2.0-7015 or earlier. After the initial breach, attackers engage in credential theft, lateral movement, and command-and-control setup, using tools such as PowerShell Remoting and WMI. Once security controls have been disabled, these activities culminate in ransomware deployment. The vulnerability poses significant risk to organizations, with the potential for major operational disruption and data breaches. To mitigate the threat, it is recommended to disable SSL VPN services on affected devices, restrict access to trusted IP addresses, audit service accounts, and monitor for indicators of compromise.