Akira Ransomware Exploits 0-Day Vulnerability in SonicWall Firewall Devices

Cybersecurity firm Arctic Wolf has identified a significant increase in ransomware attacks targeting SonicWall firewall devices in late July 2025, with evidence pointing to the exploitation of a previously unknown zero-day vulnerability.

The company’s investigation revealed multiple coordinated attacks using SonicWall SSL VPNs as the initial access point, raising serious concerns about the security of these widely deployed network devices.

Akira Ransomware Wxploiting Possible 0-Day

The ransomware campaign, primarily involving the Akira ransomware group, demonstrates concerning capabilities to circumvent standard security protocols.

Arctic Wolf researchers observed that attackers successfully compromised accounts even when Time-based One-Time Password (TOTP) multi-factor authentication was enabled, suggesting the vulnerability allows bypassing traditional authentication mechanisms.

In several documented cases, fully patched SonicWall devices were compromised immediately after organizations rotated their credentials, indicating that conventional security updates were insufficient to prevent these intrusions.

The attack timeline reveals a pattern of rapid escalation, with ransomware ...