Cyber threat actors are exploiting end-of-life SonicWall appliances to steal sensitive data and maintain persistent access, using malware and a backdoor called OVERSTEP. The campaign, linked to UNC6148, involves the theft of credentials and the deployment of sophisticated malware, potentially using known and zero-day vulnerabilities.
Key points
- Threat actors are targeting end-of-life SonicWall SMA 100 series appliances to steal data and maintain access.
- The campaign involves the use of malware that deletes log entries to hide initial intrusion methods.
- A backdoor named OVERSTEP allows attackers to persistently control affected devices and conceal malware components.
- Several known vulnerabilities, including CVE-2024-38475, may have been exploited for initial access.
- SonicWall recommends resetting OTP secrets to mitigate the risk of unauthorized access.
Read More: https://therecord.media/sonicwall-sma-100-series-overstep-malware-unc6148