Akira ransomware operation has been disclosed by Arctic Wolf researchers to have launched attacks exploiting the critical SonicWall SonicOS access control vulnerability, tracked as CVE-2024-40766,BleepingComputer reports.
Such a development comes just after organizations with SonicWall Firewall Gen 5, Gen 6, and Gen 7 devices were advised by SonicWall to immediately apply issued fixes amid potential in-the-wild exploitation of the flaw, which also affects firewalls' SSLVPN functionality. Additional details regarding the abuse of the security issue were not provided. However, SonicWall urged firewall management and SSLVPN access restrictions, as well as WAN management portal internet access deactivation as mitigations. While only SSLVPN users with local accounts on Gen 5 and Gen 6 devices were recommended to promptly update their credentials, multi-factor authentication has been urged for all SSLVPN users. Attacks leveraging the SonicOS vulnerability follow more than a year after vulnerable SonicWall Secure Mobile Access devices were targeted in a malware attack by Chinese state-sponsored hacking group UNC4540.
