SonicWall SSL VPN accounts targeted by Akira, Fog ransomware gangs

Share This Post



At least 30 intrusions involving the exploitation of the critical SonicWall SSL VPN access control bug, tracked as CVE-2024-40766, have been conducted by the Akira and Fog ransomware gangs against several industries since August, with the former responsible for 75% of the incidents, reports BleepingComputer.

Most of the attacks — which share the same infrastructure, indicating the groups’ continued partnership after exploiting a critical Veeam backup flaw — took nearly 10 hours from initial compromise to data encryption, while many involved the utilization of VPN/VPS for endpoint access, according to an analysis from Arctic Wolf, which also showed the absence of multi-factor authentication on the breached SSL VPN accounts. Additional findings revealed that virtual machines and backups were primarily subjected to the groups’ rapid encryption attacks, which targeted documents and proprietary software but not files or sensitive documents that were older than six months or 30 months, respectively.



Source link

Subscribe To Our Newsletter

Get updates and learn from the best

More To Explore

Blogs

Mickey Mouse operation hacked by former employee

A disgruntled former Disney worker stands accused of illegally hacking the company’s systems and harassing its workers. Michael Scheuer, a former system administrator with the

Do You Want To Boost Your Business?

drop us a line and keep in touch