"Fog Ransomware Targets SonicWall VPNs to Breach Corporate Networks"

The "Fog" and "Akira" ransomware operators are using SonicWall Virtual Private Network (VPN) accounts to breach corporate networks. They are suspected of exploiting a critical SSL VPN access control flaw. SonicWall patched the SonicOS flaw in late August 2024, but a week later warned of active exploitation. At the same time, researchers at Arctic Wolf reported observing the exploitation of the vulnerability by Akira ransomware affiliate to gain initial access to victim networks. According to a new report by Arctic Wolf, the Akira and Fog ransomware operations have conducted at least 30 intrusions stemming from remote access to a network via SonicWall VPN accounts. This article continues to discuss the operations targeting SonicWall VPNs to breach corporate networks.

BleepingComputer reports "Fog Ransomware Targets SonicWall VPNs to Breach Corporate Networks"