Source URL: https://it.slashdot.org/story/25/09/27/2055246/escalation-in-akira-campaign-targeting-sonicwall-vpns-deploying-ransomware-with-malicious-logins?utm_source=rss1.0mainlinkanon&utm_medium=feed
Source: Slashdot
Title: Escalation in Akira Campaign Targeting SonicWall VPNs, Deploying Ransomware, With Malicious Logins
AI Summary and Description: Yes
Summary: This text discusses a campaign in which attackers log into SonicWall SSL VPNs with valid credentials and deploy Akira ransomware shortly afterwards. The analysis stresses that the interval between the malicious login and encryption is short, so detection has to happen at the VPN login or the first lateral-movement step rather than at the ransomware stage, and that devices patched for an earlier vulnerability remain exposed if credentials taken before patching were never rotated.
Detailed Description: The text outlines a threat observed by Arctic Wolf Labs, where attackers authenticate to SonicWall SSL VPNs using credentials believed to have been harvested through earlier exploitation of a known vulnerability (CVE-2024-40766). Key points include:
– **Surge in Attacks**: A notable increase in unauthorized access attempts was recorded, characterized by suspicious activities such as port scanning and the use of specific tools (Impacket SMB) to facilitate lateral movement in networks.
– **Ransomware Deployment**: Intrusions led to rapid deployment of Akira ransomware, often within hours of initial access. The dwell time from the malicious VPN login to ransomware deployment was alarmingly short, in some cases as brief as 55 minutes.
– **Exploitation of Past Vulnerabilities**: Attackers logged in with credentials taken from devices that had been vulnerable earlier, underscoring that patching the firmware does not help if credentials harvested before the patch are still valid.
– **Threat Actor Tactics**: The attackers successfully authenticated to accounts protected by one-time password (OTP) multi-factor authentication (MFA), which suggests the OTP seeds were captured alongside the passwords; MFA on its own did not stop these logins.
– **Response Recommendations**: To combat such threats, organizations are advised to:
– Monitor for suspicious VPN logins from untrusted infrastructure.
– Maintain visibility into internal networks to detect lateral movements rapidly.
– Identify and address anomalies in SMB activity that may indicate malicious use of Impacket.
– Reset credentials, including MFA secrets and OTP seeds, whenever a firewall firmware vulnerability is identified, since patching alone does not invalidate material already harvested.
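The first three recommendations above amount to one correlation: a successful VPN login from infrastructure outside the organisation's known egress ranges, followed soon after by administrative SMB share access from the address that login was assigned. The following is an added example, not code from the original page or from Arctic Wolf, showing that correlation over constructed log lines. The log format, the field names (`src`, `assigned`, `client`, `share`), the trusted range `203.0.113.0/24` and the one-hour window are all assumptions for the example; real SonicWall syslog and Windows SMB audit records need their own parsers.

```python
"""Correlate untrusted VPN logins with subsequent admin-share SMB access.

Added example with constructed log lines in a simplified key=value format.
The format, field names and trusted ranges are assumptions, not SonicWall's
actual syslog layout.
"""
import ipaddress
from datetime import datetime, timedelta

# Assumed corporate egress ranges; any other source counts as untrusted.
TRUSTED_NETS = [ipaddress.ip_network("203.0.113.0/24")]

# Administrative shares that Impacket-style tooling (psexec, smbexec, wmiexec)
# typically touches when moving laterally.
ADMIN_SHARES = {"ADMIN$", "C$", "IPC$"}

# Constructed sample events (not real logs). Timestamps are UTC.
SAMPLE_EVENTS = [
    "2025-09-20T02:11:05Z vpn_login user=jsmith src=198.51.100.7 assigned=10.20.0.15 mfa=otp result=success",
    "2025-09-20T02:40:12Z smb_share client=10.20.0.15 target=10.10.5.20 share=ADMIN$",
    "2025-09-20T03:00:00Z vpn_login user=bchen src=192.0.2.9 assigned=10.20.0.40 mfa=otp result=success",
    "2025-09-20T08:00:00Z vpn_login user=alee src=203.0.113.44 assigned=10.20.0.31 mfa=otp result=success",
    "2025-09-20T08:30:00Z smb_share client=10.20.0.31 target=10.10.5.21 share=Finance",
]


def parse_event(line):
    """Turn one 'TIMESTAMP kind k=v k=v ...' line into a dict."""
    ts, kind, *pairs = line.split()
    event = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "kind": kind}
    for pair in pairs:
        key, _, value = pair.partition("=")
        event[key] = value
    return event


def is_trusted(ip):
    """True if the source address falls inside a known corporate egress range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETS)


def find_suspicious_chains(lines, window=timedelta(hours=1)):
    """Return one finding per successful VPN login from an untrusted source.

    Severity is 'high' when the assigned VPN client address reaches an
    administrative SMB share within `window`, 'medium' otherwise (the login
    alone is worth review before lateral movement appears).
    """
    events = sorted((parse_event(line) for line in lines), key=lambda e: e["ts"])
    logins = [e for e in events if e["kind"] == "vpn_login" and e.get("result") == "success"]
    smb_events = [e for e in events if e["kind"] == "smb_share"]

    findings = []
    for login in logins:
        if is_trusted(login["src"]):
            continue
        finding = {
            "user": login["user"],
            "src": login["src"],
            "client": login["assigned"],
            "severity": "medium",
            "share": None,
            "delay_seconds": None,
        }
        for smb in smb_events:
            if smb["client"] != login["assigned"]:
                continue
            delta = smb["ts"] - login["ts"]
            if timedelta(0) <= delta <= window and smb["share"] in ADMIN_SHARES:
                finding.update(
                    severity="high",
                    share=smb["share"],
                    delay_seconds=int(delta.total_seconds()),
                )
                break  # first admin-share hit is enough to escalate
        findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in find_suspicious_chains(SAMPLE_EVENTS):
        print(f)
```

Matching on the assigned VPN client address is the weak point of this logic: address pools are reused, so in production the join should also require the SMB event to fall inside the session's login/logout bounds, and the trusted-range list should be replaced with an allowlist of corporate egress addresses plus a denylist of hosting-provider ranges.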
Overall, the text is a reminder that when ransomware follows a valid-looking login within an hour, the effective controls are credential and MFA-seed rotation after firmware vulnerabilities, monitoring of VPN logins by source, and internal visibility that catches SMB-based lateral movement before encryption starts.