Arctic Wolf researchers warn that the Akira ransomware group can breach organizations within four hours using stolen SonicWall SSL VPN credentials and bypassing multi-factor authentication. The attackers use advanced lateral movement techniques, exfiltrate data, and deploy ransomware rapidly, exploiting known vulnerabilities and misconfigurations. #CVE-2024-40766 #SonicWall #AkiraRansomware #Impacket #VulnerabilityExploit
Key points
- Akira ransomware affiliates can compromise organizations in less than four hours.
- The attacks exploit CVE-2024-40766, a SonicWall SonicOS access control flaw, together with credential theft.
- Attackers use network scanning, SMB sessions, RDP, and account creation for lateral movement.
- Exfiltration involves archiving data with WinRAR and using rclone or FileZilla to transfer to a control server.
- Organizations are advised to reset all vulnerable SonicWall credentials and monitor unusual activity.
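The monitoring advice above is easier to act on with a concrete correlation rule. The following is an added illustration, not code from the article or from Arctic Wolf: it walks a batch of constructed Windows-style event records and flags a host where two or more of the post-access stages the report describes (new account creation, archiving with WinRAR, an exfiltration tool such as rclone or FileZilla) appear within a four-hour window. Field names, event IDs and the sample records are assumptions for the example.

```python
"""Added detection sketch (not from the article). Correlates the stages the report
describes per host inside a time window. Records are constructed samples."""
from collections import defaultdict
from datetime import datetime, timedelta

# Tool names and the Windows event ID the report's chain maps to (assumed field names).
EXFIL_TOOLS = {"rclone.exe", "filezilla.exe"}
ARCHIVE_TOOLS = {"winrar.exe", "rar.exe"}
ACCOUNT_CREATED = 4720  # Windows Security: a user account was created


def classify(ev):
    """Map one event record to a stage label, or None if it is not of interest."""
    if ev.get("event_id") == ACCOUNT_CREATED:
        return "account_creation"
    proc = ev.get("process", "").lower()
    if proc in ARCHIVE_TOOLS:
        return "archiving"
    if proc in EXFIL_TOOLS:
        return "exfil_tool"
    return None


def correlate(events, window=timedelta(hours=4), min_stages=2):
    """Return {host: sorted stage list} for every host that shows at least
    `min_stages` distinct stages starting within `window` of each other."""
    by_host = defaultdict(list)
    for ev in events:
        stage = classify(ev)
        if stage:
            by_host[ev["host"]].append((datetime.fromisoformat(ev["ts"]), stage))
    alerts = {}
    for host, items in by_host.items():
        items.sort()  # chronological order so each item can open a window
        for i, (t0, _) in enumerate(items):
            stages = {s for t, s in items[i:] if t - t0 <= window}
            if len(stages) >= min_stages:
                alerts[host] = sorted(stages)
                break
    return alerts


# Constructed sample records (not real telemetry): FS01 shows the full chain in
# under two hours; WS22 has the same tools but a day apart, so it is not flagged.
SAMPLE_EVENTS = [
    {"ts": "2025-09-01T02:10:00", "host": "FS01", "event_id": 4720, "process": ""},
    {"ts": "2025-09-01T03:05:00", "host": "FS01", "event_id": 4688, "process": "WinRAR.exe"},
    {"ts": "2025-09-01T03:40:00", "host": "FS01", "event_id": 4688, "process": "rclone.exe"},
    {"ts": "2025-09-01T09:00:00", "host": "WS22", "event_id": 4688, "process": "WinRAR.exe"},
    {"ts": "2025-09-02T09:00:00", "host": "WS22", "event_id": 4688, "process": "rclone.exe"},
]

if __name__ == "__main__":
    print(correlate(SAMPLE_EVENTS))
```

The window and the stage set are the tuning knobs: the four-hour value mirrors the report's breach timeline, and the lists should be extended with whatever archiving and transfer tools are unexpected in your environment.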
Read More: https://www.helpnetsecurity.com/2025/09/29/akira-ransomware-sonicwall-vpn/