- A threat actor has used a patched vulnerability in SonicWall software
- The group is tracked as UNC6148
- This allowed UNC6148 to potentially steal credentials and deploy ransomware
A financially motivated threat actor, tracked by the Google Threat Intelligence Group (GTIG) as UNC6148, has been observed targeting SonicWall Secure Mobile Access (SMA) 100 series appliances.
These attacks, Google determines with “high confidence”, use credentials and one-time password (OTP) seeds that were obtained in previous intrusions, which has allowed the actor to regain access even after organizations have applied security updates.
Google says, with “moderate confidence”, that a zero-day remote code execution vulnerability was used to deploy OVERSTEP on the targeted SonicWall SMA appliances. The threat intelligence group also “assesses with moderate confidence that UNC6148's operations, dating back to at least October 2024, may be to enable data theft and extortion operations, and possibly ransomware deployment.”
UNC6148
The actor deployed a backdoor and user-mode rootkit, OVERSTEP. This malware modifies the appliance's boot process to allow persistent access, steal sensitive credentials and then hide its own components.
“An organization targeted by UNC6148 in May 2025 was posted to the ‘World Leaks’ data leak site (DLS) in June 2025, and UNC6148 activity overlaps with publicly reported SonicWall exploitation from late 2023 and early 2024 that has been publicly linked to the deployment of ransomware (tracked by GTIG as VSOCIETY),” Google said.
At the beginning of 2025, SonicWall firewalls were hit by a worrying cyberattack, in which threat actors leveraged a vulnerability to gain access to target endpoints, interfere with the VPN and further disrupt the target.
These attacks highlight the importance of updating software as soon as patches are available. Organizations that do not keep up with system updates can be left vulnerable to known exploits. If that is too daunting a task, take a look at our options for the best patch management software to help.