See every side of every news story
Get Started
SubscribeLogin
Israel-Hamas Conflict
Artificial Intelligence
Social Media
Donald Trump
Gaming
Amazon
Music
Cryptocurrency
Netflix
European Union
Stock Markets
Immigration
Natural Disasters
Published loading...Updated

Google Finds Custom Backdoor Being Installed on SonicWall Network Devices

NO LOC, JUL 16 – UNC6148 exploits vulnerabilities in unsupported SonicWall SMA 100 VPNs to deploy the OVERSTEP rootkit, enabling persistent access and credential theft, with attacks ongoing since October 2024.

Summary by Ars Technica
Researchers from the Google Threat Intelligence Group said that hackers are compromising SonicWall Secure Mobile Access (SMA) appliances, which sit at the edge of enterprise networks and manage and secure access by mobile devices. The targeted devices are end of life, meaning they no longer receive regular updates for stability and security. Despite the status, many organizations continue to rely on them. That has left them prime targets by UNC6…

10 Articles

Ars TechnicaArs Technica
Center

Google finds custom backdoor being installed on SonicWall network devices

Researchers from the Google Threat Intelligence Group said that hackers are compromising SonicWall Secure Mobile Access (SMA) appliances, which sit at the edge of enterprise networks and manage and secure access by mobile devices. The targeted devices are end of life, meaning they no longer receive regular updates for stability and security. Despite the status, many organizations continue to rely on them. That has left them prime targets by UNC6…

·United States
Read Full Article
CyberScoopCyberScoop
Center

SonicWall customers hit by fresh, ongoing attacks targeting fully patched SMA 100 devices

A financially motivated threat group is attacking organizations using fully patched, end-of-life SonicWall Secure Mobile Access 100 series appliances, Google Threat Intelligence Group said in a report released Wednesday. The group, which Google identifies as UNC6148, is using previously stolen admin credentials to gain access to SonicWall SMA 100 series appliances, remote access VPN devices the vendor stopped selling and supporting earlier this …

Read Full Article
The RegisterThe Register
Center

Crims hijacking fully patched SonicWall VPNs

Updated: Someone's OVERSTEPing the mark

Read Full Article
Cybersecurity DiveCybersecurity Dive
Center

Threat actor targets end-of-life SonicWall SMA 100 appliances in ongoing campaign

The hacker has deployed a backdoor to modify the boot process and has exploited several different vulnerabilities during the attack spree.

Read Full Article
BleepingComputerBleepingComputer
Center

SonicWall SMA devices hacked with OVERSTEP rootkit tied to ransomware

A threat actor has been deploying a previously unseen malware called OVERSTEP that modifies the boot process of fully-patched but no longer supported SonicWall Secure Mobile Access appliances.

Read Full Article
World NEWS LiveWorld NEWS Live

Hacker using backdoor to exploit SonicWall Secure Mobile Access to steal credentials

(Image credit: Getty Images) A threat actor has used a patched vulnerability in SonicWall software The group is tracked as UNC6148This allowed UNC6148 to potentially steal credentials and deploy ransomwareA financially motivated threat actor, tracked by Google’s Threat Intelligence Group as UNC6148, has been observed targeting patched end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances.These attacks, Google determines with ‘h…

Read Full Article
Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • 100% of the sources are Center
100% Center
Factuality

To view factuality data please Upgrade to Premium

Ownership

To view ownership data please Upgrade to Vantage

BleepingComputer broke the news in on Wednesday, July 16, 2025.
Sources are mostly out of (0)

Similar News Topics

Google icon

Google

Software icon

Software

Technology icon

Technology

News
For You
SearchBlindspotLocal