
Escalation in Akira Campaign Targeting SonicWall VPNs, Deploying Ransomware, With Malicious Logins


On Friday, security researchers at Arctic Wolf Labs wrote: In late July 2025, Arctic Wolf Labs began observing a surge of intrusions involving suspicious SonicWall SSL VPN activity.

Malicious logins were followed within minutes by port scanning, Impacket SMB activity, and rapid deployment of Akira ransomware. This explains why fully patched devices have been compromised, a fact that initially led to speculation about a potential zero-day exploit. Equally important is ensuring visibility into internal networks, since lateral movement and ransomware encryption can occur within hours or even minutes of initial access.
