SonicWall: Attackers did not exploit zero-day vulnerability to compromise Gen 7 firewalls

August 7, 2025 – Published on Help Net Security

Since July 15, 2025, researchers have observed a notable surge in ransomware activity targeting SonicWall firewalls, specifically via their SSL VPN functionality. They posited that the attackers might be leveraging a zero-day vulnerability because, in some cases, fully patched SonicWall devices were affected following credential rotation and despite time-based one-time password (TOTP) multi-factor authentication (MFA) being enabled.

This wave of attacks aligns with patterns previously seen from the Akira ransomware-as-a-service group.

Huntress and GuidePoint Security have shared indicators of compromise associated with the campaign and listed the various actions and tools used by the attackers.
