A threat actor known as UNC6148 has targeted SonicWall SMA 100 appliances with malware called Overstep, potentially enabling credential theft and persistence. Although no clear monetization activity has been confirmed, links to ransomware groups and known vulnerabilities raise concerns about future threats.
Key points
- UNC6148 has been targeting SonicWall SMA 100 series appliances since October 2024.
- The attacker exploited known vulnerabilities to gain admin credentials despite devices being fully patched.
- Researchers discovered the deployment of a new malware called Overstep, which acts as a backdoor and rootkit.
- Overstep can covertly modify device boot processes and steal credentials, session tokens, and OTP seeds.
- Google’s threat intelligence linked the campaign to ransomware groups, though no active monetization has been confirmed.
Read More: https://www.securityweek.com/sonicwall-sma-appliances-targeted-with-new-overstep-malware/