Cyber999 Advisories

Overview Contact Advisories Incident Statistics
Share this page :
5 August 2025     Advisory

MA-1373.082025: MyCERT Advisory - Akira Ransomware Campaign Exploiting SonicWall SSL VPN Zero - Day Vulnerability

1.0 Introduction
Recently, Artic Wolf has observed a significant campaign by the Akira ransomware group is exploiting a likely zero-day vulnerability in SonicWall SSL VPN devices.

2.0 Impact
The attackers are achieving rapid network compromise, bypassing even MFA protections, and deploying ransomware within minutes of initial access. Even fully patched SonicWall appliances appear to be at risk, and conventional authentication mechanisms may be bypassed.

3.0 Affected System

  • SonicWall firewall appliances with SSL VPN functionality enabled.
  • All versions are potentially affected, regardless of patch status.

4.0 Suspicious Autonomous System Numbers (ASNs)

  • AS23470 – ReliableSite.Net LLC
  • AS215540 – Global Connectivity Solutions LLP
  • AS64236 – UnReal Servers, LLC
  • AS14315 – 1GSERVERS, LLC
  • AS62240 – Clouvider Limited

5.0 Recommendation
CyberSecurity Malaysia urges users and organizations to review the security release, follow the Mitigation steps and apply the necessary updates. 

  • Enhance Security Monitoring:
    • Enable full VPN access logging and alerting.
    • Deploy Endpoint Detection and Response (EDR) tools across all endpoints.
    • Use centralized threat monitoring services to detect suspicious post-access behavior
  • Review Authentication Activity:
    • Audit login history for signs of unusual access patterns or bypass of MFA.
    • Check for successful logins shortly after credential resets or updates.
  • Enable Security Services: Activate services such as Botnet Protection to help detect threat actors targeting SSL VPN endpoints.
  • Enforce Multi-Factor Authentication (MFA): Ensure MFA is enabled for all remote access to reduce credential abuse risk.
  • Remove Unused Accounts: Delete inactive or unused local firewall user accounts, especially those with SSL VPN access.
  • Practice Good Password Hygiene: Encourage regular password changes across all accounts to prevent reuse and brute-force exploitation.
  • Stay subscribed to SonicWall advisories for updates.


Kindly refer to the URL for more information:

Generally, Cyber999 advises the users of these devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.

For further enquiries, please contact Cyber999 through the following channels:

E-mail: cyber999[at]cybersecurity.my 
Phone: 1-300-88-2999 (monitored during business hours) 
Mobile: +60 19 2665850 (24x7 call incident reporting) 
Business Hours: Mon - Fri 08:30 -17.30 MYT 
Web: https://www.cybersecurity.my

5.0 References

Search
Type
Archives
logo
CyberSecurity Malaysia is the national cyber security specialist agency under the purview of the Ministry of Digital (KD)
 
Select User Category
Contact Us

  • CyberSecurity Malaysia,
    Level 7 Tower 1, Menara Cyber Axis, Jalan Impact,
    63000 Cyberjaya, Selangor Darul Ehsan, Malaysia.

  • enquiry@cybersecurity.my

  • +603 - 8800 7999

  • +603 - 8008 7000

COPYRIGHT © CYBERSECURITY MALAYSIA

CONTACT US | DISCLAIMER | PERSONAL DATA PROTECTION NOTICE | SITEMAP

TOP
ASK Byte
Chatbot Portal

Hi, I am ASK Byte. Please submit your questions about the portal and I will try to get answers from online knowledge stores.

Hi, Saya Admin Chatbot. Saya sedia chat dengan anda secara terus. Bagaimana saya boleh membantu anda?

Click the button below to interact with the CSM chatbot

Proceed