- A threat actor has exploited a patched vulnerability in SonicWall software
- The group is tracked as UNC6148
- This enabled UNC6148 to potentially steal credentials and deploy ransomware
A financially motivated threat actor, tracked by Google’s Threat Intelligence Group as UNC6148, has been observed targeting patched end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances.
These attacks, Google determines with ‘high confidence’, use credentials and one-time password (OTP) seeds obtained through previous intrusions, which have allowed the actor to regain access even after organizations have updated their security.
A zero-day remote code execution vulnerability, says Google with ‘moderate confidence’, was used to deploy OVERSTEP on the targeted SonicWall SMA appliances. The threat intelligence group “also assesses with moderate confidence that UNC6148’s operations, dating back to at least October 2024, may be to enable data theft and extortion operations, and possibly ransomware deployment.”
UNC6148
The previously unknown persistent backdoor/user-mode rootkit, OVERSTEP, was deployed by the actor. This malware modifies the boot process of the appliance to maintain persistent access, steal sensitive credentials, and then hide its own components.
“An organization targeted by UNC6148 in May 2025 was posted to the ‘World Leaks’ data leak site (DLS) in June 2025, and UNC6148 activity overlaps with publicly reported SonicWall exploitation from the end of 2023 and early 2024 (tracked by GTIG as VSOCIETY),” Google continues.
Earlier in 2025, SonicWall firewalls were hit by a worrying cyberattack in which a vulnerability was leveraged by threat actors to gain access to target endpoints, interfere with the VPN, and disrupt the target further.
These attacks highlight the importance of updating software as soon as patches become available. Organizations that do not keep on top of system updates can be left vulnerable to known exploits. If that seems too daunting a task, take a look at our choice for the best patch management software for a helping hand.



