Akira Hackers Exploit SonicWall Flaws for Ransom

Affiliates of the Akira ransomware gang have resumed attacks by exploiting a trio of known vulnerabilities in SonicWall security appliances. The latest wave of activity reveals how Akira hackers exploit SonicWall flaws to breach networks and demand ransom payments, revisiting a critical bug that was first abused in the summer of 2024.

Security researchers initially suspected a new zero-day vulnerability. However, further investigation linked the recent intrusions to CVE-2024-40766, a year-old flaw that remains unpatched in many systems. Attackers are chaining this vulnerability with two others to escalate privileges and move laterally within compromised environments.

Akira hackers exploit SonicWall vulnerabilities using familiar tactics, including data exfiltration followed by extortion threats. The resurgence of this method underscores the risks organizations face when failing to update or secure edge network devices.

Cybersecurity teams are urged to review affected systems and apply all relevant patches. For full coverage, read the original report:

https://go.theregister.com/feed/www.theregister.com/2025/09/10/akira_ransomware_abusing_sonicwall/