Researchers from Google Threat Intelligence Group (GTIG) warn that the threat actor UNC6148 is compromising SonicWall SMA 100 series appliances, in particular end-of-life devices that many organizations still run. The intrusions rely on previously leaked administrator credentials rather than a confirmed exploit, and deploy Overstep, a backdoor and user-mode rootkit that deletes log entries and hampers forensic investigation. #UNC6148 #SonicWall #Overstep
Key points
- Attackers are compromising SonicWall Secure Mobile Access (SMA) appliances using leaked local administrator credentials, so a fully patched device is not safe if its credentials were stolen earlier.
- The targeted appliances are end-of-life and no longer receive security updates, so any remaining flaw will stay unpatched.
- Detecting compromise means acquiring full disk images (with SonicWall's assistance) and analysing them offline, rather than trusting what the running appliance reports, because a rootkit on the device can hide its files and filter the logs the live system shows.
- The initial access vector is not confirmed: it may be an unknown zero-day, or a known flaw such as CVE-2021-20038 (an unauthenticated stack-based buffer overflow in the SMA 100 series) or CVE-2024-38475 (an Apache HTTP Server mod_rewrite path-mapping flaw that exposes files the server was not meant to serve).
- Overstep is deployed after the initial compromise and selectively deletes entries from the appliance's logs, hiding the actor's own activity and obstructing incident response and forensics.
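The following is an added example, not code from GTIG, SonicWall, or the report this page summarises. It shows the two checks behind the third and fifth key points: compare a file inventory taken on the live appliance with one taken from an offline mount of the acquired disk image, and look for holes in a log that should have steady traffic. The file paths, digests, and log lines are constructed for illustration, and the log format (ISO timestamp, method, path, status) is an assumption, not the SMA's real format.

```python
"""Live-versus-image consistency checks for a suspected rootkitted appliance.

Added example; not code from GTIG or SonicWall. All data below is constructed.
"""
import re
from datetime import datetime, timezone

# Constructed: digests reported by tools run ON the live appliance. A user-mode
# rootkit can filter this view (hide files, alter what reads return).
LIVE_INVENTORY = {
    "/bin/ls": "a1",
    "/etc/ld.so.preload": "c3",
    "/var/log/httpd.log": "b2",
}

# Constructed: digests computed from an offline mount of the acquired disk
# image, where nothing on the appliance can interfere.
IMAGE_INVENTORY = {
    "/bin/ls": "a1",
    "/etc/ld.so.preload": "c3",
    "/usr/lib/libpersist.so.6": "e5",   # hypothetical path, not a known IOC
    "/var/log/httpd.log": "d4",         # on-disk content differs from live read
}

# Constructed log lines in an assumed format: "<ISO time> <method> <path> <status>".
# Health checks arrive once a minute, then nothing for twenty minutes.
SAMPLE_LOG = [
    "2025-07-01T10:00:00Z GET /health 200",
    "2025-07-01T10:01:00Z GET /health 200",
    "2025-07-01T10:02:00Z GET /health 200",
    "2025-07-01T10:03:00Z GET /health 200",
    "2025-07-01T10:23:00Z GET /health 200",
    "2025-07-01T10:24:00Z GET /health 200",
]

LOG_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) (\S+) (\S+) (\d{3})$")


def diff_inventories(live, image):
    """Compare the live-system inventory with the disk-image inventory.

    Returns (hidden, modified): paths present on disk but absent from the live
    view, and paths present in both whose digests disagree. Either finding
    means the running system cannot be trusted to describe itself.
    """
    hidden = sorted(path for path in image if path not in live)
    modified = sorted(path for path in image if path in live and live[path] != image[path])
    return hidden, modified


def find_log_gaps(lines, max_gap_seconds):
    """Flag silence or time reversal in a log that should be continuous.

    Selective deletion of entries leaves a hole between the surviving ones;
    the hole marks where to carve for deleted entries in the disk image.
    Returns (gaps, unparsed), gaps as (start, end, seconds) tuples.
    """
    stamps = []
    unparsed = []
    for line in lines:
        match = LOG_RE.match(line)
        if not match:
            unparsed.append(line)
            continue
        stamp = datetime.strptime(match.group(1), "%Y-%m-%dT%H:%M:%SZ")
        stamps.append(stamp.replace(tzinfo=timezone.utc))
    gaps = []
    for prev, cur in zip(stamps, stamps[1:]):
        delta = (cur - prev).total_seconds()
        if delta < 0 or delta > max_gap_seconds:
            gaps.append((prev.isoformat(), cur.isoformat(), delta))
    return gaps, unparsed


if __name__ == "__main__":
    hidden, modified = diff_inventories(LIVE_INVENTORY, IMAGE_INVENTORY)
    print("on disk but hidden from live system:", hidden)
    print("digest differs between live read and disk:", modified)
    gaps, unparsed = find_log_gaps(SAMPLE_LOG, max_gap_seconds=600)
    for start, end, seconds in gaps:
        print(f"log silent for {seconds:.0f}s between {start} and {end}")
    if unparsed:
        print("lines that did not parse:", unparsed)
```

The inventory diff is the reason for imaging the disk rather than running tools on the appliance: the offline mount sees the file system as it is, so anything the live system omits or reports differently is a lead. The gap check is only a triage prompt; it needs a log with steady background traffic (periodic client or monitoring requests) to be meaningful, and on a quiet appliance it will flag normal idle periods.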