Akira Ransomware Group Targets SonicWall VPNs Worldwide
Cybersecurity experts have identified the Akira ransomware group as the likely culprit behind a wave of attacks on SonicWall SSL VPNs since July 2025. The group has exploited a known vulnerability and bypassed multi-factor authentication, targeting organizations worldwide and causing significant disruption.
The surge in ransomware activity targeting SonicWall SSL VPNs began on July 15, 2025, with similar incidents dating back to October 2024. Akira, active since March 2023, has previously targeted multiple industries including education, finance, and real estate. The group's tactics include gaining unauthorized access, conducting port scans, and spreading malware through vulnerabilities in SonicWall VPNs.
Investigations have revealed a likely zero-day vulnerability in SonicWall VPNs, as even fully patched devices with MFA and rotated credentials were compromised in some attacks. Akira has developed a Linux encryptor to target VMware ESXi servers, further expanding its capabilities. Multiple intrusions via VPN access were observed in late July 2025, with the attackers' VPN logins often originating from VPS hosting providers, unlike legitimate access, which comes from ISP networks.
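The VPS-versus-ISP distinction above can be turned into a detection check. The following is an added example, not code from the researchers or from SonicWall: it assumes VPN login events have already been normalized to a simple CSV (the field names and log lines are constructed) and that a list of hosting-provider CIDR blocks is available, represented here by RFC 5737 documentation ranges.

```python
import csv
import io
import ipaddress

# Assumption: CIDR blocks attributed to VPS/hosting providers by an ASN lookup.
# RFC 5737 documentation ranges are used here as stand-ins.
HOSTING_NETWORKS = [ipaddress.ip_network(n)
                    for n in ("198.51.100.0/24", "203.0.113.0/24")]

# Constructed, normalized VPN login events (not a vendor log format).
SAMPLE_LOG = """timestamp,user,src_ip,result
2025-07-28T08:02:11Z,alice,192.0.2.10,success
2025-07-28T23:41:05Z,alice,198.51.100.77,success
2025-07-29T02:13:40Z,svc_backup,203.0.113.5,success
2025-07-29T02:14:02Z,bob,203.0.113.5,failure
2025-07-29T09:00:30Z,bob,192.0.2.44,success
2025-07-29T09:05:00Z,carol,not-an-ip,success
"""

def is_hosting_ip(addr):
    """True if addr is in a hosting range, False if not, None if unparsable."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return None
    return any(ip in net for net in HOSTING_NETWORKS)

def flag_vps_logins(log_text):
    """Return (alerts, rejects) for successful logins from hosting ranges."""
    alerts, rejects = [], []
    baseline = set()  # users already seen logging in from a non-hosting address
    for row in csv.DictReader(io.StringIO(log_text)):
        hosting = is_hosting_ip(row["src_ip"])
        if hosting is None:
            rejects.append(row)  # keep malformed rows for review
        elif row["result"] == "success" and hosting:
            alerts.append({
                "timestamp": row["timestamp"],
                "user": row["user"],
                "src_ip": row["src_ip"],
                # True when the account normally logs in from an ISP address
                "deviates_from_baseline": row["user"] in baseline,
            })
        elif row["result"] == "success":
            baseline.add(row["user"])
    return alerts, rejects

if __name__ == "__main__":
    for alert in flag_vps_logins(SAMPLE_LOG)[0]:
        print(alert)
```

Because the reported intrusions succeeded despite MFA, the check alerts on successful logins rather than treating an MFA-passed session as trusted.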
The Akira ransomware group's exploitation of SonicWall SSL VPNs, including suspected zero-day attacks on fully patched devices, highlights the ongoing threat to organizations worldwide. Cybersecurity experts urge prompt patching and robust security measures to mitigate the risk of ransomware attacks.