A threat actor group called UNC6148 has been targeting SonicWall SMA 100 series appliances, exploiting vulnerabilities to deploy a sophisticated backdoor named OVERSTEP. This campaign involves credential theft, remote code execution, and persistent malware that evades detection, emphasizing the risks to edge network systems. #UNC6148 #OVERSTEP
Key points
- UNC6148 has been targeting SonicWall SMA 100 appliances since October 2024.
- The threat actors steal credentials and exploit known or zero-day vulnerabilities for initial access.
- The OVERSTEP backdoor can modify the appliance's boot process and maintain persistent access.
- They deploy a usermode rootkit that hides attack artifacts and evades detection.
- Organizations are advised to perform forensic disk imaging and engage with SonicWall for mitigation.
Read More: https://thehackernews.com/2025/07/unc6148-backdoors-fully-patched.html