Akira Still Using SonicWall Devices for Attacks
Thursday, September 18, 2025
Print Mail Download info_icon_img/>i

Although SonicWall has provided a patch for a vulnerability for its VPN affecting its Gen5, Gen6, and Gen7 firewall appliances (which allowed threat actors unauthorized access to SonicWall appliances), Rapid7 has reported that “an Akira ransomware campaign [recently] kicked off targeting SonicWall devices.” SonicWall has provided an advisory to customers related to the campaign, which was originally thought to be a new one, but has been confirmed to be related to the original vulnerability detected in August of 2024 (CVE SNWLID-2024-0015).

Rapid7 has observed an increase in attacks and intrusions involving SonicWall appliances in organizations that have not completed the patching for the vulnerability. Rapid7 has observed that the vulnerability is being used by threat actors, including the Akira ransomware group. It has also

“observed threat actors accessing the Virtual Office Portal hosted by SonicWall appliances…[which] in certain default configurations allows public access to the portal, which can allow threat actors to configure MFA/TOTP with valid accounts if there is a prior username and password credential exposure. Evidence collected during Rapid7’s investigations suggests that the Akira group is potentially utilizing a combination of all three of these security risks to gain unauthorized access and conduct ransomware operations.”

Rapid7 recommends that if an organization is using SonicWall devices that it:

  • Rotate passwords on all SonicWall local accounts and remove any unused or inactive SonicWall local accounts. Please reference SonicWall’s official security advisory guidance.
  • Ensure Multi-factor Authentication (MFA/TOTP) policies are configured for SonicWall SSLVPN services. Please reference SonicWall’s official security guidance.
  • Ensure successful mitigation of SSVPN Default Groups Security Risk. Please reference SonicWall’s official security guidance.
  • Ensure the Virtual Office Portal is restricted to LAN/internal access or trusted network access only. Please reference SonicWall’s official security guidance.
  • Monitor access to the Virtual Office Portal (access is on port 4433).

Ensure all SonicWall appliances are running on the latest patch. Please reference SonicWall’s vulnerability list.

Copyright © 2025 Robinson & Cole LLP. All rights reserved.

Current Public Notices

Post Your Public Notice Today!

PUBLIC NOTICE OF UCC ARTICLE 9 SALE: National Supplier of Home Furnishings
Published: 16 September, 2025
PUBLIC NOTICE OF UCC ARTICLE 9 SALE: Sky Gate, LLC
Published: 15 September, 2025
PUBLIC NOTICE OF UCC ARTICLE 9 SALE: FF&E in Presidio 183, LLC
Published: 15 September, 2025
PUBLIC NOTICE OF UCC ARTICLE 9 SALE: Interest in 315 Lake LLC and Madskye LLC
Published: 9 September, 2025
PUBLIC NOTICE OF UCC SALE: Gizmo Medical, LLC
Published: 9 September, 2025
PUBLIC NOTICE OF UCC ARTICLE 9 SALE: Harrisburg Hotel, LLC
Published: 8 September, 2025
PUBLIC NOTICE OF ABC SALE: Superplastic, Inc.
Published: 4 September, 2025
PUBLIC NOTICE OF RECIEVERSHIP SALE: Bison Hardwood, LLC
Published: 28 August, 2025
PUBLIC NOTICE OF UCC SALE: Shoreview Holding LLC
Published: 25 August, 2025
PUBLIC NOTICE OF DISPOSITION OF COLLATERAL: Vertify, Inc
Published: 20 August, 2025
PUBLIC NOTICE OF UCC SALE: BMD-III CHT Mezz, LLC
Published: 18 August, 2025
PUBLIC NOTICE OF UCC ARTICLE 9 SALE: Membership Interests in RINO 17 LLC
Published: 11 August, 2025
PUBLIC NOTICE OF UCC ARTICLE 9 SALE: LCP Hollywood Lender LLC
Published: 8 August, 2025
PUBLIC NOTICE OF ASSIGNMENT: Common Cents Distributors, LLC
Published: 26 June, 2025
Discover more public notices

Current Legal Analysis

More from Robinson & Cole LLP

Privacy Tip #460 – Protecting Foster Youth from Identity Theft
by: Linn F. Freedman
Comply to Compete: DoD Finalizes CMMC Rule for Federal Contractors
by: Roma Patel
DOJ Accelerates Trade Fraud Enforcement with Interagency Task Force after a Series of False Claims Act Case Resolutions
by: David E. Carney , Kevin P. Daly
Insider Threats Climb + Are Costly
by: Linn F. Freedman
CA, CT + CO AG’s + CPPA Band Together on “Joint Investigative Privacy Sweep”
by: Linn F. Freedman
HHS Continues Focus on Access Rights by Announcing Crackdown on Information Blocking
by: Roma Patel
Condé Nast Faces Setback in California Web Tracking Class Action
by: Kathryn M. Rattigan
Privacy Tip #459 –Beware of Malicious Facebook Ads
by: Linn F. Freedman
Revolution Wind Blasts Back
by: Peter R. Knight
The Release Report #1: The Connecticut Transfer Act Is Sunsetting on March 1, 2026 — Are You Ready? [Video]
by: Emilee Mooney Scott
DOJ Issues Sweeping Guidance on Unlawful Discrimination for Federal Funding Recipients
by: Dan A. Brody , Seth B. Orkand
Attack Against Salesloft Drift App Includes Google Workspace
by: Linn F. Freedman
Disney Agrees to $10 Million FTC Settlement Over Kids’ Privacy on YouTube
by: Kathryn M. Rattigan

Upcoming Events

 
NLR Logo
We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up for any (or all) of our 25+ Newsletters.

 

Sign Up for any (or all) of our 25+ Newsletters

 