SonicWall SSL VPN Flaw and Misconfigurations Actively Exploited by Akira Ransomware Hackers
Sep 11, 2025
Ransomware / Vulnerability
Threat actors affiliated with the Akira ransomware group have continued to target SonicWall devices for initial access. Cybersecurity firm Rapid7 said it observed a spike in intrusions involving SonicWall appliances over the past month, particularly following reports about renewed Akira ransomware activity since late July 2025.

SonicWall subsequently revealed the SSL VPN activity aimed at its firewalls involved a year-old security flaw (CVE-2024-40766, CVSS score: 9.3) where local user passwords were carried over during the migration and not reset. "We are observing increased threat activity from actors attempting to brute-force user credentials," the company noted. "To mitigate risk, customers should enable Botnet Filtering to block known threat actors and ensure Account Lockout policies are enabled."

SonicWall has also urged users to review LDAP SSL VPN Default User Groups, describing it as a "critical weak point" if misconfigured in the con...